A threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures, according to cloud security provider Zscaler.
This campaign has been ongoing since at least December 2023, observed Zscaler’s threat intelligence team, ThreatLabz.
The distributed RATs include Android-focused SpyNote RAT and Windows-focused NjRAT and DCRat.
Malicious APKs and BAT Files Leading to RAT Payloads
To lure its victims into downloading the RATs, the threat actor created several fake online meeting sites, impersonating brands like Microsoft-owned Skype, Google Meet and Zoom.
“All of the fake sites were in Russian,” noted Zscaler ThreatLabz researchers.
The attacker utilized shared web hosting services to host all these websites on a…
Source link