New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT
Overview
Researchers at Cisco Talos have identified a new campaign by a Russian-speaking group known as UAT-11795, which is distributing fake installers for popular applications like Zoom, Webex, and MobaXterm. These malicious installers are designed to deliver the Starland Remote Access Trojan (RAT) and a memory-only implant called WLDR. The campaign has been targeting users primarily in the United States and Europe. This is concerning as it highlights the ongoing threat posed by financially motivated cybercriminals who exploit trusted software to gain access to sensitive systems. Users should be wary of downloading software from unofficial sources and ensure they are using legitimate installation files to protect against such attacks.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Zoom, Webex, MobaXterm
- Action Required: Users should only download software from official websites and verify the integrity of installation files.
- Timeline: Disclosed on July 16, 2023
Original Article Summary
Russian-speaking UAT-11795 spreads trojanized Zoom, Webex, and MobaXterm installers to deliver Starland RAT and the WLDR memory-only implant. Cisco Talos researchers published a detailed technical report on July 16 disclosing UAT-11795, a financially motivated, Russian-speaking threat actor that has been running a malware campaign against users in the United States and Europe since at least […]
Impact
Zoom, Webex, MobaXterm
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Disclosed on July 16, 2023
Remediation
Users should only download software from official websites and verify the integrity of installation files. Regularly update software and employ security solutions that can detect and block such threats.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Cisco, Exploit, Malware, and 1 more.