Hitmetrix - User behavior analytics & recording

Sekoia uncovers new Google Meet malware

Google Meet Malware
Google Meet Malware

The French cybersecurity firm Sekoia has identified a new “ClickFix” campaign that uses fake Google Meet pages to trick people into infecting their PCs and Macs with malware. This campaign targets Google Meet users by exploiting their urgency to join video calls on time, leading them to let their guard down. Like other malware campaigns, this one uses phishing emails to gain a foothold over victims and their computers.

These phishing emails look like actual Google Meet video call invites. However, if you carefully inspect the URLs, you’ll notice something is off. Some URLs used in the campaign include:

meet[.]google[.]us-join[.]com
meet[.]google[.]web-join[.]com
meet[.]googie[.]com-join[.]us
meet[.]google[.]cdm-join[.]us

The correct URL for Google Meet is “meet.google.com,” and there shouldn’t be anything between “Google” and the “.com” top-level domain.

Once the fake landing page is clicked, users are presented with a pop-up message warning them of a technical issue that needs fixing, such as a microphone or headset problem. Clicking the “Try Fix” button triggers the ClickFix infection process. PowerShell code is executed for Windows users, infecting the computer with malware like Rhadamanthys.

The campaign drops the AMOS stealer on Macs as a .DMG file.

Sekoia uncovers new malware campaign

Sekoia’s researchers have also noted similar ClickFix campaigns using other platforms such as Zoom, PDF readers, fake video games, web3 browsers, and messenger apps.

To keep your PC or Mac safe from malware:

1. Be wary of emails from unknown senders. Look for emails that convey urgency and urge you to click on links or download attachments.

2. Always verify the URL of your service by looking up the official website to see how their pages should look. 3.

Ensure you have reliable antivirus software. While Windows and Mac offer built-in antivirus solutions, dedicated antivirus software is often updated more frequently to counter the latest threats. ClickFix has been a successful social engineering trick and is unlikely to disappear anytime soon.

Staying informed and cautious is essential to protect yourself from such malware attacks.

Total
0
Shares
Related Posts