Cybersecurity researchers from ESET found a handful of malicious Android apps that were spying on people and stealing sensitive information from their mobile devices.
In a press release shared with TechRadar Pro earlier this week, the researchers said that a new threat actor group, which they dubbed Virtual Invaders, was active from late 2021.
IntroductionBeginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. The threat actor spreads SpyNote RAT to Android users and NjRAT and DCRat to Windows users. This article describes and shows how the threat actor’s malicious URLs and files can be identified on these fraudulent online meeting websites.
Key Takeaways
A threat actor is distributing multiple malware families using fake Skype, Zoom, and Google Meet websites.
The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems.
Campaign OverviewThe attacker utilized shared web hosting, hosting all these fake online meeting sites on a single IP…