Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Fake Google Meet pages deliver identity theft as part of ongoing ClickFix campaign
Global Security

Fake Google Meet pages deliver identity theft as part of ongoing ClickFix campaign

AdminBy AdminOctober 18, 2024No Comments3 Mins Read
Fake Google Meet
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


October 18, 2024Ravi LakshmananThreat Intelligence / Phishing Attack

Fake Google Meet

Threat actors use fake Google Meet web pages as part of an ongoing malware campaign called Click Fix to deliver information theft targeting Windows and macOS systems.

“This tactic involves displaying fake error messages in web browsers to trick users into copying and executing specified malicious PowerShell code, eventually infecting their systems,” French cybersecurity firm Sekoia said. said in a report shared with The Hacker News.

There were variants of the company ClickFix (aka ClearFake and OneDrive Pastejacking). reported widely Art the last monthswhere threat actors use a variety of lures to redirect users to fake pages that aim to deploy malware by prompting site visitors to run coded PowerShell code to fix a perceived issue with displaying content in a web browser.

Cyber ​​security

These pages are known to masquerade as popular online services, including Facebook, Google Chrome, PDFSimpli and reCAPTCHA, and now Google Meet, as well as possibly Zoom –

  • meet.google.us-join(.)com
  • meet.googie.com-join(.)us
  • meet.google.com-join(.)us
  • meet.google.web-join(.)com
  • meet.google.webjoining(.)com
  • meet.google.cdm-join(.)us
  • meet.google.us07host(.)com
  • googiedrivers(.)com
  • us01web-zoom(.)us
  • us002webzoom(.)us
  • web05-zoom(.)us
  • webroom-zoom(.)us

On Windows, the attack chain ends with deployment StealC and Rhadomantis theft, while Apple macOS users are offered a disk image file (“Launcher_v1.94.dmg”) that removes another theft known as Atomic.

This new social engineering tactic cleverly evades detection by security tools because it involves users manually executing a malicious PowerShell command directly in a terminal, rather than automatically invoking a payload they download and execute.

Fake Google Meet

Sekoia attributed the Google Meet-mimicking cluster to two groups of tradersnamely Slavic Nation Empire (aka Slavice Nation Land) and Scamquerteo which are sub-commands within markopol and CryptoLove respectively.

“Both transfer teams (…) use the same ClickFix template that mimics Google Meet,” Sekoya said. “This discovery suggests that these teams are sharing materials, also known as ‘landing blueprints’, as well as infrastructure.”

This, in turn, has raised the possibility that both threat groups are using the same as-yet-unknown cybercrime service, with a third party likely running their infrastructure.

Cyber ​​security

Development occurs against the background of emergence malware companies open source distribution ThunderKitty theftwhich divides overlaps with Indebtedness and The death of theftas well as named new theft families Divulge, DedSec (aka Doenerium), Duck, Testamentsand UNITS.

“The rise of open-source information thieves represents a significant shift in the world of cyber threats,” said cybersecurity firm Hudson Rock. noted back in July 2024.

“By lowering the barrier to entry and facilitating rapid innovation, these tools could fuel a new wave of computer infections, creating challenges for cybersecurity professionals and increasing the overall risk to businesses and individuals.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025

V0 AI Vercel tool, armed with cybercrime for quick creation pages to enter scale

July 2, 2025

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025

V0 AI Vercel tool, armed with cybercrime for quick creation pages to enter scale

July 2, 2025

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.