Beware—Do Not Click These Dangerous New Google Meet And Zoom Links

We have all come to live with the endless succession of online meetings that dominate our working lives. But beware, some of those meetings might suddenly be more dangerous than you think…

It turns out that a dull online meeting might not be the worst thing that can happen when yet another Zoom or Google Meet invite turns up. “Beginning in December 2023,” researchers at Zscaler have just warned, “[we] discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware.” The threat targets both Android and Windows users.

The threat actors behind this new attack have designed fake websites to trick users into installing malware, with the whole process designed to replicate the original, authentic install sites where users can download applications, as directed by meeting links.

The attack—which was initially caught targeting Russian users but will likely spread further afield—used fake URLs and websites closely resembling authentic ones. “When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file. The BAT file when executed performs additional actions, ultimately leading to the download of a RAT payload.”

The specific RATs identified by Zscaler’s researchers were SpyNote for Android, and both NjRAT and DCRat for Windows systems. Just to give an idea of the threat this malware poses, SpyNote can more or less take over an entire device, capturing user information and files and reading private messages, eavesdropping through the phone’s microphone, even triggering screen recordings.

Zscaler also reported fraudulent Skype meetings being used as part of the campaign—but it will be Zoom and Google Meet that cause most alarm, given their widespread use across enterprises. The fake Google Meet website is online-cloudmeeting[.]pro, while the Zoom site is us06webzoomus[.]pro.

One further indication of the deviousness at work here is that the campaign directed users to the legitimate websites for iOS, as it was only targeting Windows and Android.

The use of fake websites to trick users into clicking seemingly trusted links is now out of control. And while most fraudulent emails (or invites, in this case) are obvious if you look carefully, they only need to trick you once. “Criminals count on being able to manipulate you into believing that these spoofed communications are real,” the FBI warns, “which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.”

This particular campaign is crafty, in that it relies on users casually clicking meeting URLs without checking them carefully, which is more easily done with a meeting link than with a website, runs the thinking. And remember that, as the researchers warn, “the attackers hosted these fake sites using URLs that closely resembled the actual websites.” So, you do need to be careful.

In response to this new research, a Google spokesperson told me that “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

I also approached Zoom and Microsoft for any comments on the report.

This campaign will share links via email or social media, within messages designed to trick victims into clicking through. As ever, now that you know this threat is out in the wild, be very careful. Only ever install these meeting apps or log into the meetings themselves using the authentic sites with very obviously original URLs. If in doubt, check the source of the link or invitation.
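The URL check described above can also be done programmatically, for example in a mail or chat filter. The following is an added example, not code from this article or from Zscaler's report; the list of official hostnames and the brand tokens are assumptions chosen for illustration, and the two fake domains are the ones named earlier in the article.

```python
from urllib.parse import urlsplit

# Assumption: hostnames treated as official in this example; adjust for your org.
OFFICIAL = ("zoom.us", "meet.google.com", "skype.com")
# Heuristic brand tokens; a hit on a non-official host suggests impersonation.
BRAND_TOKENS = ("zoom", "meet", "skype")

def host_of(link):
    """Return the lowercase hostname of a link, accepting defanged input."""
    link = link.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in link:
        link = "https://" + link
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:  # malformed netloc, e.g. stray brackets
        return ""
    return host.rstrip(".").lower()

def classify(link):
    """Classify a meeting link as official, lookalike, unknown or invalid."""
    host = host_of(link)
    if not host:
        return "invalid"
    # Exact match or a true subdomain; a substring match would be unsafe.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Drop digits, dots and hyphens so padded names still expose the brand.
    letters = "".join(c for c in host if c.isalpha())
    if any(token in letters for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"

# Constructed sample links, plus the two fake domains named in the article.
SAMPLES = [
    "https://us06web.zoom.us/j/0000000000",
    "https://meet.google.com/abc-defg-hij",
    "us06webzoomus[.]pro",
    "online-cloudmeeting[.]pro",
    "https://zoom.us.example.net/j/0000000000",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

The token match is a heuristic and will also flag unrelated sites whose names contain a word such as "meet"; the allowlist comparison is the part to rely on.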

Here are five other simple rules always worth following:

  1. Stick to official app stores—don’t use third party stores and never change your device’s security settings to enable an app to load.
  2. Check the developer in the app’s description—is it someone you’d like inside your life? And check the reviews, do they look legitimate or farmed?
  3. Do not grant permissions to an app that it should not need: torches and star-gazing apps don’t need access to your contacts and phone. And never grant accessibility permissions that facilitate device control unless you have a need.
  4. Once a month, scan through your device and delete a few of the apps you no longer need or haven’t used in a long time.
  5. Do not install apps that link to established apps unless you know for a fact they’re legitimate—check reviews and online write-ups.

“Businesses may be subject to threats that impersonate online meeting applications,” Zscaler warns. “In this example, a threat actor is using these lures to distribute RATs for Android and Windows, which can steal confidential information, log keystrokes, and steal files.”

You have been warned.
