Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Google Privacy

Fake Google Meet Conference Errors Push Infostealing Malware (bleepingcomputer.com) 6

An anonymous reader quotes a report from BleepingComputer: A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. ClickFix is a social-engineering tactic that emerged in May, first reported by cybersecurity company Proofpoint, from a threat actor (TA571) that used messages impersonating errors for Google Chrome, Microsoft Word, and OneDrive. The errors prompted the victim to copy to clipboard a piece of PowerShell code that would fix the issues by running it in Windows Command Prompt. Victims would thus infect systems with various malware such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer.

In July, McAfee reported that the ClickFix campaigns were becoming mode frequent, especially in the United States and Japan. A new report from Sekoia, a SaaS cybersecurity provider, notes that ClickFix campaigns have evolved significantly and now use a Google Meet lure, phishing emails targeting transport and logistics firms, fake Facebook pages, and deceptive GitHub issues. According to the French cybersecurity company, some of the more recent campaigns are conducted by two threat groups, the Slavic Nation Empire (SNE) and Scamquerteo, considered to be sub-teams of the cryptocurrency scam gangs Marko Polo and CryptoLove.

This discussion has been archived. No new comments can be posted.

Fake Google Meet Conference Errors Push Infostealing Malware

Comments Filter:
  • The easiest thing is to blame the stupid and ignorant users, but it seems that there is other guilty parties. Some tech companies which should know better are aiding and abetting these malicious attacks. For example, one of the "errors" is just a reminder to the user to solve a captcha to prove that he/she is not a bot. And captchas these days force users to do such weird things that honestly, the line between genuine captchas and hacker traps gets blurred. How to educate the user that "this weird thing the

    • ... manually alter Windows Settings ...

      One doesn't have to manually alter settings when installing a PDF editor, or an image editor: Why is that? Let's not forget that a few months ago, a Windows 11 alert appeared telling the user to not install Chrome. The FTC should be slamming Microsoft for anti-competitive behaviour. Microsoft now sees it's customers as idiots paying Microsoft to use their data for the MS AI engine.

  • Ok, fake Google Meet mislead users with running malware install in a PowerShell with copy-pasted code.

    How do they get to this to begin with? I doubt it can sip-in with regular Google Meeting. Can it be, or one need to first be led to join a faked meeting for this to be possible?

    • by unrtst ( 777550 )

      How do they get to this to begin with?

      It's phishing stuff. Fake pages, emails, alerts, etc...

      I remember when we would blame users for clicking on any weird links in outlook, and there was a fake email worm that was just instructions for the user to create an email with all their addressbook of users and copy/paste the contents into it - just to make fun of how ridiculous that was. And now such things make slashdot news.

      I will say (again) that the various help pages that instruct users to copy/paste shell code that will download and install apt

  • ... piece of PowerShell code ...

    So, users with stupidity to access the wrong meeting, just enough skill to open PowerShell but lacking intelligence to assume strange words and numbers are dangerous.

One good suit is worth a thousand resumes.

Working...