Beware: Cybercriminals Weaponize Cisco Webex Meetings for Malicious Attacks

June 19, 2024

TLDR:

  • Attackers are using a weaponized version of the Cisco Webex Meetings app to deliver malware.
  • The attackers are using social engineering to trick users into downloading malicious files disguised as legitimate software.

In a recent information-stealing campaign, hackers have been using a weaponized version of the Cisco Webex Meetings app to deliver malware to unsuspecting users. The attackers employ social engineering to trick users into downloading password-protected archives disguised as legitimate software. These archives contain malicious files that, once executed, launch a hidden loader, which then establishes a persistent connection to a command-and-control (C2) server. The malware also exploits vulnerabilities in various Windows processes to gain administrator privileges, disable Windows Defender, and exfiltrate data from browsers and other applications on the infected system.

Researchers have identified the attack as a multi-stage process that combines social engineering, DLL side-loading, and process injection to steal credentials and establish a connection to the C2 server. The attackers have been using tactics such as creating filenames with common search terms for pirated software and incorporating specific patterns to target users effectively. The malware has also been observed downloading additional executables and launching PowerShell scripts to further compromise the infected system.

It is crucial for organizations and individuals to be cautious when downloading files from unknown sources and to regularly update their security software to protect against such sophisticated attacks. By staying informed about the latest cybersecurity threats and implementing best practices for online safety, users can reduce the risk of falling victim to malicious campaigns like the one targeting Cisco Webex Meetings.
