RAT malware is targeting Zoom, Skype and Google Meet users

Your passwords and credentials are at risk


Published on March 7, 2024


Back in 2021, we reported on Remote Access Trojan (RAT) malware attacks delivered through email phishing, and it seems to be happening again. This time, the attackers, who seem to be Russian, are going after other channels like Zoom, Skype and Google Meet.

According to Zscaler's ThreatLabz security report, the threat actor spreads SpyNote RAT to Android users and NjRAT and DCRat to Windows users.

The RAT is downloaded from fake websites


According to the security firm's study, this campaign started in December 2023 and is ongoing, so you really need to be cautious about which apps and files you download.

Zscaler's diagram explains how the scam unfolds. It all starts with visiting a fake download page for the aforementioned communication tools. When you click the download button for Android, you get a malicious APK, and when you click the download button for Windows, you get an infected BAT file.

If you execute the files on your phone or PC, you eventually download the RAT payload.

For instance, the fake join-skype[.]info website was created in early December to serve the malicious Skype download, while the fake online-cloudmeeting[.]pro website mimics the Google Meet download page.

In the same way, if you downloaded a file called updateZoom20243001bit.bat to install Zoom, your PC ended up with a malicious payload in the form of ZoomDirectUpdate.exe, a WinRAR archive that contains the DCRat payload.

What happens if my device gets infected with a RAT?

Eventually, the malicious batch script will run a PowerShell script, which, in turn, downloads and executes the remote access trojan.

That means the attacker will have access to your device and will be able to steal passwords, accounts and credentials, possibly getting to your credit card data and stealing money from your accounts.

As you can see, it's very dangerous, and you should check the legitimacy of the website you're downloading an app from. We should also discuss how you got to the fake website in the first place. Maybe you clicked on a link in a fake email that seemed to come from Zoom, Skype or Google Meet, offering you benefits or advertising a false update.

If your device is already infected, use a strong antivirus or reset your device to factory settings to remove the threat. If you haven't downloaded anything yet, watch out for the telltale signs that reveal whether the website is real or fake, and always use the original source to get the app you need.
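One way to automate the "real or fake" check described above, as an added example that is not from this article or from Zscaler's report: the script classifies a download URL as official, lookalike or unrelated. The allowlist of vendor domains and the brand keywords are assumptions to maintain yourself; the two lookalike hosts in the sample list are the ones named in the article, and the rest are constructed.

```python
from urllib.parse import urlsplit

# Assumption: vendor-owned domains per brand keyword; review before relying on it.
OFFICIAL = {
    "zoom": {"zoom.us", "zoom.com"},
    "skype": {"skype.com"},
    "meet": {"google.com"},
}
ALL_OFFICIAL = set().union(*OFFICIAL.values())


def refang(text):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    text = text.strip().replace("[.]", ".")
    if text.lower().startswith("hxxp"):
        text = "http" + text[4:]
    return text if "://" in text else "https://" + text


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a download URL."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").rstrip(".").lower()
    # Official only if the host IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in ALL_OFFICIAL):
        return "official"
    # A brand name anywhere else (host label, or userinfo before '@') is suspect.
    if any(brand in parts.netloc.lower() for brand in OFFICIAL):
        return "lookalike"
    return "unrelated"


# Sample inputs: first two from the article, the rest constructed.
SAMPLES = [
    "join-skype[.]info",
    "online-cloudmeeting[.]pro",
    "https://zoom.us/download",
    "https://zoom.us.example.net/download",
    "https://zoom.us@example.net/setup",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

Keyword matching does not catch homoglyph or misspelled brand names, so treat "unrelated" as "not flagged" rather than "safe".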


Claudiu Andone

Windows Troubleshooting Expert

Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.

His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.

With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!
