Cybercriminals are using fake Zoom meeting invitations to distribute malware that installs remote access tools like ScreenConnect on victims' computers. The malware acts as a downloader, enabling attackers to maintain control over affected systems remotely. #ZoomFakeInvitation #ScreenConnect
Key points
- Cyber attackers use convincing fake Zoom meeting emails to trick users into downloading malware.
- The malicious download is a simple downloader that installs the ScreenConnect remote access tool.
- Once installed, the malware establishes persistence by running as a service and configuring remote access settings.
- The command and control server is hosted on an anonymous DNS, making detection difficult.
- This attack highlights the importance of verifying meeting invitations and download origins to prevent malware infections.
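A defender-side check for the service persistence described above, as an added example that is not taken from the linked diary: it scans service-installation events (Windows event ID 7045) for a ScreenConnect client service whose relay host is not one your organisation operates. The event dictionary layout, the allowlist and all sample values are constructed, and the code assumes the client's service command line carries the relay host and port as `h=` and `p=` query parameters.

```python
import re
from urllib.parse import parse_qs

# Assumption: relay hosts used by your own, sanctioned ScreenConnect instance.
APPROVED_RELAYS = {"support.corp.example"}

# Captures the "?e=...&h=...&p=..." argument passed to the client service binary.
CLIENT_RE = re.compile(
    r'ScreenConnect\.ClientService\.exe"?\s+"?\?(?P<query>[^"\s]+)', re.I)

def relay_from_image_path(image_path):
    """Return (host, port) parsed from a client service command line, or None."""
    m = CLIENT_RE.search(image_path)
    if not m:
        return None
    params = parse_qs(m.group("query"))
    host = params.get("h", [""])[0].lower()
    port = params.get("p", [""])[0]
    return (host, port) if host else None

def flag_unapproved(events, approved=APPROVED_RELAYS):
    """List service installs (7045) whose ScreenConnect relay is not approved."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 7045:
            continue
        relay = relay_from_image_path(ev.get("image_path", ""))
        if relay and relay[0] not in approved:
            findings.append({"computer": ev["computer"],
                             "service": ev["service_name"],
                             "relay": relay[0], "port": relay[1]})
    return findings

# Constructed sample events (hypothetical field names, placeholder hosts).
SC = r'"C:\Program Files (x86)\ScreenConnect Client (0000000000000000)\ScreenConnect.ClientService.exe" '
SAMPLE_EVENTS = [
    {"event_id": 7045, "computer": "WS-014", "service_name": "ScreenConnect Client (0000000000000000)",
     "image_path": SC + '"?e=Access&y=Guest&h=relay.ddns.example&p=8041&k=CONSTRUCTED"'},
    {"event_id": 7045, "computer": "WS-022", "service_name": "ScreenConnect Client (0000000000000000)",
     "image_path": SC + '"?e=Access&y=Guest&h=support.corp.example&p=443&k=CONSTRUCTED"'},
    {"event_id": 7045, "computer": "WS-031", "service_name": "Print Helper",
     "image_path": r"C:\Windows\System32\helper.exe"},
]

if __name__ == "__main__":
    for finding in flag_unapproved(SAMPLE_EVENTS):
        print(finding)
```
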
Read More: https://isc.sans.edu/diary/32014