SyncWave Blog
Cybersecurity 2 min read 84

Russian hackers use fake Zoom and WebEx apps to spread malware

A group of Russian cybercriminals is distributing Starland RAT malware through modified versions of popular video conferencing tools.

cyber security hacker

The new modus operandi: trojanized applications

Security in both corporate and personal environments is once again in the spotlight. Recent investigations have identified the Russian-based threat group UAT-11795 using a sophisticated technique to compromise systems: the distribution of altered legitimate software. In this hack, the attackers offer trojanized versions of mass communication platforms like Zoom and WebEx to infiltrate a new backdoor known as Starland RAT.

This malware does not just seek remote control of computers; it is specifically designed for the exfiltration of credentials and the theft of digital assets. This tactic exploits the user's trust in everyday tools to bypass basic perimeter defenses.

The threat to digital assets

The primary goal of UAT-11795 is financial. Once Starland RAT is installed, the malware scans the system for cryptocurrency wallet configuration files and login data stored in browsers. Incidents of this type reinforce the need for caution, as, much like the recent threat of OkoBot: The new vulnerability that hijacks your crypto wallets, end users remain the weakest link in the security chain.

"The Starland RAT malware possesses advanced capabilities to steal session tokens, saved passwords, and specific cryptocurrency wallet data, turning every infected user into a direct source of income for the attacker."

Are we facing a new wave of ransomware?

Although the current goal is the theft of credentials and crypto-assets, there is a latent concern regarding whether these groups will escalate their attacks to ransomware. Historically, Russian threat actors have demonstrated great agility in pivoting their strategies. Considering that countries such as U.S. sanctions VPN service for facilitating ransomware attacks have intensified their measures against infrastructure that facilitates data hijacking, it is likely that cybercriminals will seek increasingly stealthy methods to monetize their access before being detected.

Security recommendations

To mitigate the risk of a vulnerability exploited by this type of malicious software, it is recommended to:

  1. Download software only from official sources or verified app stores.
  2. Implement the use of password managers that do not rely exclusively on browser storage.
  3. Keep systems updated and perform periodic audits of background processes.

Constant vigilance is our best tool against actors who evolve faster than traditional security solutions.

Share:

Comments

Loading comments...

Contact

Want to get in touch?

Questions, suggestions or proposals — write to us and we will respond.