Fake Zoom, Skype, Google Meet Apps Used to Distribute RAT Malware

Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

Fact-Checked by: Kate Richards, Content Manager

A new scam involving fraudulent Skype, Zoom, and Google Meet websites aimed at luring unsuspecting users into downloading dangerous malware was uncovered by cybersecurity researchers at Zscaler ThreatLabz.

The December 2023 discovery found that the remote access trojans (RATs) delivered by these sites enable a threat actor to steal sensitive personal information, extract files, log keystrokes, and take control of the targeted victim’s devices when executed successfully.

And the threat is ongoing. The threat actor builds seemingly legitimate Russian-language copies of popular online meeting sites like Zoom, Skype, and Google Meet. By employing the ‘URL hijacking’ tactic, which relies on a user not noticing a misspelt domain (fake URL), hackers can easily deceive unsuspecting users into clicking and downloading the malware.

“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file. The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload,” the Zscaler advisory revealed.
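As an added example (not from the article or the Zscaler advisory), the following Python code shows how a defender could triage web-proxy logs for the pattern described above: APK or BAT downloads from hosts that imitate Zoom, Skype or Google Meet. The allowlist of official hosts, the log format and the `.example` hosts are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of official hosts for the three impersonated brands.
OFFICIAL = {"zoom": ("zoom.us",), "skype": ("skype.com",), "meet": ("meet.google.com",)}
RISKY_EXT = (".apk", ".bat")  # the two download types the article describes

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_brand(host):
    """Return the brand a host imitates, or None if it is official or unrelated."""
    host = host.lower().rstrip(".")
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return None
    # Triage heuristic: a label contains the brand name or is one edit away from it.
    for label in host.replace("-", ".").split("."):
        for brand in OFFICIAL:
            if brand in label or edit_distance(label, brand) == 1:
                return brand
    return None

def flag_downloads(log_lines):
    """Return (client, brand, url) for APK/BAT fetches from lookalike hosts."""
    hits = []
    for line in log_lines:
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue  # skip malformed lines
        _ts, client, url = fields
        parts = urlsplit(url.strip())
        brand = lookalike_brand(parts.hostname or "")
        if brand and parts.path.lower().endswith(RISKY_EXT):
            hits.append((client, brand, url.strip()))
    return hits

SAMPLE_LOG = [  # constructed proxy log lines: timestamp client-ip url
    "2023-12-05T09:14:02Z 10.0.4.17 https://us06web.zoom.us/client/ZoomInstaller.exe",
    "2023-12-05T09:15:40Z 10.0.4.22 http://join-skype.example/download/setup.bat",
    "2023-12-05T09:16:11Z 10.0.4.31 http://zooom.example/files/client.apk",
    "2023-12-05T09:17:55Z 10.0.4.31 https://meet.google.com/abc-defg-hij",
    "2023-12-05T09:18:03Z 10.0.4.40 http://intranet.example/tools/deploy.bat",
]
```

The name match is deliberately loose, so hits are leads for review rather than verdicts; pairing it with the APK/BAT extension check keeps the volume manageable.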

The SpyNote RAT found in the Android download and the NjRAT and DCRat payloads for Windows systems perform similar functions. They not only allow cybercriminals to control a compromised device remotely but also give access to device functions like capturing screenshots and recording audio.

According to the advisory, iOS users were not on the targeted list, as selecting an iOS link did not lead to any malicious download. Instead, it led to the official website.

This threat comes at a time when remote and hybrid working is increasingly dependent on online tools like Skype and Meet, and it’s not the first instance.

In October 2023, hackers distributed DarkGate malware via compromised Skype and Teams business accounts. The use of Skype allowed these bad actors to communicate with third-party vendors, making it easier to lure users into downloading malware and launching ransomware campaigns.

It’s essential that both individuals and organizations deploy measures and spread awareness to secure themselves from the increasingly complex threats posed by these threat actors.
