Subj : Watch out - these fake websites advertising Google Meet, Skype, a To : All From : TechnologyDaily Date : Thu Mar 07 2024 20:45:06 Watch out - these fake websites advertising Google Meet, Skype, and Zoom are just spreading malware Date: Thu, 07 Mar 2024 20:35:22 +0000 Description: Another typosquatting campaign is active, tricking people into downloadng RATs FULL STORY ====================================================================== Hackers are, once again, impersonating major tech brands to trick people into downloading malware to their computers, experts have warned. Cybersecurity researchers from the Zscaler ThreatLabz recently discovered a new campaign, in which unidentified threat actors created countless websites whose URL is almost identical to actual websites belonging to the likes Google, Skype, and Zoom. This method is also known as typosquatting, and relies on the fact that many people wont spot a typo in the URL, and will believe they are on the legitimate site instead of a malicious one. Sites in Russian The websites pretend to host video conferencing software, such as Google Meet and the likes. The software offers download links for Windows, Android, and iOS. However, while the iOS link doesnt do anything malicious (it redirects the users to the actual product), the Android and Windows deliver malware. For Android, its nothing more than an APK, but for Windows, it initiates the download of a batch script. That batch executes a PowerShell script, which downloads and runs one of a few remote access trojans (RAT) spotted in the campaign - Spynote RAT (Android), NjRAT, or DCRat (Windows). The campaign has been active since December 2023, with the researchers adding that the spoofed sites are Russian, indicating that the threat actors are either Russian themselves, or simply targeting Russian consumers. "The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems," they added. The RATs can be used for a wide array of malicious activities, from stealing sensitive information from the devices, to logging keystrokes, and exfiltrating files. The methods of promoting these websites is unknown, but it is safe to assume that there is a phishing campaign active somewhere on the internet, and that the sites are being actively promoted on social media and various online forums. Via TheHackerNews More from TechRadar Pro This nasty trojan uses Discord as a command and control server Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/watch-out-these-fake-websites-advertisi ng-google-meet-skype-and-zoom-are-just-spreading-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .