Russian hackers trojanize WebEx, Zoom apps to push Starland malware
A financially motivated Russian threat actor tracked as UAT-11795 is trojanizing legitimate WebEx and Zoom applications to distribute a new backdoor malware called Starland RAT. The attackers target users by offering fake versions of these popular video conferencing tools, which then steal credentials and cryptocurrency. The campaign appears to focus on financial gain rather than espionage. The malware is designed to persist on infected systems and exfiltrate sensitive data. This highlights the ongoing risk of supply-chain-style attacks through trusted software brands. Security researchers have identified the group's tactics and are warning organizations to verify software sources.
Global Impact
This campaign underscores the persistent threat of financially motivated cybercrime groups using trusted software as a vector. The targeting of widely used enterprise tools like WebEx and Zoom means potential exposure for thousands of organizations globally.