Russian hackers use fake Zoom and WebEx apps to spread malware
A group of Russian cybercriminals is distributing Starland RAT malware through modified versions of popular video conferencing tools.

The new modus operandi: trojanized applications
Security in both corporate and personal environments is once again in the spotlight. Recent investigations have identified the Russian-based threat group UAT-11795 using a sophisticated technique to compromise systems: the distribution of altered legitimate software. In this hack, the attackers offer trojanized versions of mass communication platforms like Zoom and WebEx to infiltrate a new backdoor known as Starland RAT.
This malware does not just seek remote control of computers; it is specifically designed for the exfiltration of credentials and the theft of digital assets. This tactic exploits the user's trust in everyday tools to bypass basic perimeter defenses.
The threat to digital assets
The primary goal of UAT-11795 is financial. Once Starland RAT is installed, the malware scans the system for cryptocurrency wallet configuration files and login data stored in browsers. Incidents of this type reinforce the need for caution, as, much like the recent threat of OkoBot: The new vulnerability that hijacks your crypto wallets, end users remain the weakest link in the security chain.
"The Starland RAT malware possesses advanced capabilities to steal session tokens, saved passwords, and specific cryptocurrency wallet data, turning every infected user into a direct source of income for the attacker."
Are we facing a new wave of ransomware?
Although the current goal is the theft of credentials and crypto-assets, there is a latent concern regarding whether these groups will escalate their attacks to ransomware. Historically, Russian threat actors have demonstrated great agility in pivoting their strategies. Considering that countries such as U.S. sanctions VPN service for facilitating ransomware attacks have intensified their measures against infrastructure that facilitates data hijacking, it is likely that cybercriminals will seek increasingly stealthy methods to monetize their access before being detected.
Security recommendations
To mitigate the risk of a vulnerability exploited by this type of malicious software, it is recommended to:
- Download software only from official sources or verified app stores.
- Implement the use of password managers that do not rely exclusively on browser storage.
- Keep systems updated and perform periodic audits of background processes.
Constant vigilance is our best tool against actors who evolve faster than traditional security solutions.
Related articles
16 de julio de 2026
Hackers russos fan servir apps falses de Zoom i WebEx per propagar malware
Un grup de ciberdelinqüents russos està distribuint el malware Starland RAT mitjançant versions modificades d'eines de videoconferència populars.
16 de julio de 2026
Hackers rusos usan apps falsas de Zoom y WebEx para propagar malware
Un grupo de ciberdelincuentes rusos está distribuyendo el malware Starland RAT mediante versiones modificadas de herramientas de videoconferencia populares.
15 de julio de 2026
OkoBot: La nova vulnerabilitat que segresta les teves carteres cripto
El framework OkoBot infecta PCs amb Windows per suplantar aplicacions de Ledger i Trezor i robar frases llavor mitjançant phishing sofisticat.
15 de julio de 2026
OkoBot: The new vulnerability hijacking your crypto wallets
The OkoBot framework infects Windows PCs to spoof Ledger and Trezor applications and steal seed phrases through sophisticated phishing.
Loading comments...