Researchers have uncovered a new campaign called Zoom Stealer, targeting over 2.2 million browser users through malicious extensions that harvest meeting data. The campaign is linked to the China-based threat actor DarkSpectre, which has a history of large-scale espionage and malware campaigns.
Key points
- The Zoom Stealer campaign involves 18 browser extensions collecting sensitive meeting data.
- DarkSpectre, a China-linked threat actor, is suspected of orchestrating this and other malicious campaigns.
- The compromised extensions request access to multiple video-conferencing platforms and exfiltrate data via WebSocket connections.
- The collected data includes meeting URLs, IDs, passwords, participant details, and session metadata.
- The stolen information can be used for corporate espionage, social engineering, and large-scale impersonation operations.
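The point above about extensions requesting access to multiple video-conferencing platforms suggests an audit that defenders can run over installed extensions' `manifest.json` files. The following is an added example, not code from the researchers or the article; the platform domain list, the review threshold and all function names are assumptions chosen for illustration.

```python
import re

# Assumed domain list (not from the article): adjust to the platforms in use.
PLATFORMS = {"zoom": "zoom.us", "teams": "teams.microsoft.com",
             "meet": "meet.google.com", "webex": "webex.com"}
PATTERN = re.compile(r"^(?:\*|https?|wss?)://([^/]+)/")  # extension match pattern

def host_patterns(manifest):
    """Collect every match pattern that grants page access (MV2 and MV3 keys)."""
    found = []
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        found += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    return found

def covers(host, domain):
    """True if a pattern host (possibly '*.example.com') reaches the domain."""
    base = host[2:] if host.startswith("*.") else host
    if base == domain or base.endswith("." + domain):
        return True
    # A wildcard on a parent domain also reaches the platform's subdomain.
    return host.startswith("*.") and domain.endswith("." + base)

def platforms_reached(manifest):
    """Return the sorted platform names the extension can read or script."""
    reached = set()
    for pattern in host_patterns(manifest):
        m = PATTERN.match(pattern)
        if pattern == "<all_urls>" or (m and m.group(1) == "*"):
            return sorted(PLATFORMS)  # blanket access reaches every platform
        if m:  # non-matching entries are API permissions such as "storage"
            reached |= {n for n, d in PLATFORMS.items() if covers(m.group(1), d)}
    return sorted(reached)

def needs_review(manifest, threshold=2):
    """Flag extensions whose access spans several conferencing platforms."""
    return len(platforms_reached(manifest)) >= threshold

# Constructed sample manifests (not taken from any real extension).
SUSPECT = {"manifest_version": 3, "permissions": ["storage", "tabs"],
           "host_permissions": ["*://*.zoom.us/*", "https://teams.microsoft.com/*"],
           "content_scripts": [{"matches": ["https://meet.google.com/*"], "js": ["c.js"]}]}
BENIGN = {"manifest_version": 3, "permissions": ["storage"],
          "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    print(platforms_reached(SUSPECT), needs_review(SUSPECT), needs_review(BENIGN))
```

The manifest shows which pages an extension can read, not where it sends the data, so the WebSocket exfiltration described above has to be looked for separately in network telemetry.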