Russian hackers trojanize WebEx, Zoom apps to push Starland malware

Russian hackers trojanize WebEx, Zoom apps to push Starland malware
UAT-11795 is a financially motivated Russian threat actor using trojanized installers to deploy Starland RAT and steal credentials, cryptocurrency wallet data, and other sensitive information from victims. Cisco Talos reported attacks since June 2025, with U.S. users primarily targeted and additional victims seen in Germany, Romania, and Venezuela. #UAT-11795 #StarlandRAT #CiscoTalos #MobaXterm #WebEx #Zoom #DBeaver #FaceIT #CastleStealer #Remcos

Keypoints

  • UAT-11795 is using trojanized software installers to spread Starland RAT.
  • The campaign has been active since at least June 2025 and mainly targets users in the U.S.
  • Trojanized installers for MobaXterm, WebEx, Zoom, DBeaver, and FaceIT are being used as delivery lures.
  • Starland RAT steals browser data, cryptocurrency wallet assets, system details, and Active Directory information.
  • The attack chain can also deliver CastleStealer and Remcos RAT for additional credential theft and remote control.

Read More: https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/