Tag Archives: Zoom

Some attackers use online meeting services as bait for malware. Researchers at Zscaler found fake Skype, Zoom and Google Meet websites that were used by threat actors to spread Remote Access Trojans – RAT for short.

Zscaler’s ThreatLabZ team warns about fake online meeting sites that distribute various malware families. Already at the beginning of December 2023, the researchers discovered a threat actor who creates fake Skype, Google Meet and Zoom websites to spread malware in order to spread remote access Trojans such as SpyNote RAT to Android users and NjRAT and DCRat to Windows users . These pages keep appearing in new versions.

🔎 The attack chain and execution flow for Android and Windows campaigns (Image: Zscaler).

Deceptively real web addresses as a trap

The malware actor…

Bad actors are using fake Zoom, Microsoft’s Skype and Google Meet websites to distribute malware.

As discovered by Zscaler ThreatLabz researchers, threat actors have been impersonating video conferencing brands to spread various malware targeting both Android and Windows users since December 2023.

The spoofed sites, designed in Russian and hosted on URLs eerily similar to their legitimate versions, suggest that attackers are employing “typosquatting” tactics to entice potential victims into downloading malware — meaning some users might not notice the typo in the domain and so believe they will be on the legitimate website.

Zscaler ThreatLabz wrote:

The attacker utilized shared web hosting, hosting all these fake online meeting sites on a…

Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware. 

The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on fake online meeting websites, posing significant risks to users.

The attackers utilized shared web hosting, housing all fake meeting sites on a single IP address, all in Russian. The fake sites closely mimicked genuine platforms, making them more convincing to unsuspecting users.

“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK…

A threat actor is creating fake Skype, Google Meet, and Zoom meetings, mimicking these popular collaboration applications to spread various commodity malware that can steal sensitive data from both Android and Windows users.

The campaign, which began in December, demonstrates an emerging cybersecurity threat for corporate users, researchers from Zcaler’s ThreatLabz revealed in a blog post on March 6. The attackers are using shared Web hosting to host fake online meeting sites on a single IP address, leveraging various URLs that are convincingly similar enough to the actual websites of the services being impersonated. The Skype campaign, for instance, used “join-skype[.]info,” while Google Meet users were enticed to join meetings via “online-cloudmeeting[.]pro.” The Zoom campaign uses…

Android and Windows users, beware of fake online meeting sites such as Google Meet, Zoom, and Skype, infecting devices with malicious malware like SpyNote RAT for Android, NjRAT, and DCRat.

Zscaler’s ThreatLabz cybersecurity researchers have discovered a new scam where Remote Access Trojans (RATs) are distributed through online meeting platforms, targeting Android and Windows users with malware. The purpose is to distribute malware that can steal sensitive data and control infected devices.

Researchers discovered a threat actor creating fraudulent websites for spreading malware, including SpyNote RAT for Android and NjRAT and DCRat for Windows, in December 2023. These RATs can steal confidential information and log keystrokes. Users are lured through fake online…