1. Forum
  2. tqw
  3. TQW GENTECH

  • That Google Meet invite could be a fake, hiding some dangerous ma

    From TechnologyDaily@1337:1/100 to All on Friday, October 18, 2024 16:15:05
    That Google Meet invite could be a fake, hiding some dangerous malware

    Date:
    Fri, 18 Oct 2024 15:04:00 +0000

    Description:
    Be careful when receiving video call invitations, especially those bringing
    up camera and microphone errors.

    FULL STORY ======================================================================

    Hackers are targeting victims with fake broken Google Meet calls in an
    attempt to infect them with malware and thus grab their sensitive
    information, experts have warned.

    A report from cybersecurity researchers Sekoia claim the campaign is a new variant of the previously-observed ClickFix attack.

    ClickFix victims are shown a fake error page (for example, a browser that is outdated and thus unable to open a certain website) and then offered a fix (a patch, or a version upgrade). If the victims dont realize the ruse and download the fix, they end up infecting their endpoints with different malware. StealC and Rhadamanthys

    In this instance, Sekoias researchers found several websites pretending to be Google Meet video conferencing landing pages.

    People that open these websites are shown an error regarding their microphone or camera. The offered fix is a PowerShell code, copied to the clipboard, which runs in the Windows Command Prompt.

    This code ultimately deploys either the StealC infostealer, or Rhadamanthys. For macOS , which is also targeted, the attackers are dropping the AMOS Stealer as a .DMG file called Launcher_v194.

    The threat actors in this campaign are called the Slavic Nation Empire (SNE) and Scamquerteo, apparently sub-groups of other threat actors named Marko
    Polo and CryptoLove, respectively.

    Besides Google Meet, Sekoia has found Zoom, PDF readers , fake video games (Lunacy, Calipso, Battleforge, Ragon), web3 browsers and projects (NGT Studio), and messenger apps (Nortex) being abused for the same purpose.

    The attack most likely starts with a phishing email, and targets mostly transport and logistics firms.

    Via BleepingComputer More from TechRadar Pro This new phishing attack uses a sneaky infostealer to cause maximum damage Here's a list of the best
    firewalls today These are the best business VPNs



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/that-google-meet-invite-could-be-a-fake -hiding-some-dangerous-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)