Proofpoint, the cybersecurity firm credited with developing the tactic, reported in June that the tactic is increasingly being used by threat actors, including the first access vendor TA571, to deliver malware such as DarkGate, Matanbuchus, NetSupport, and and various information hackers.
Making Google Meet Conference mistakes
In the cases seen by Sekoia, malicious actors were found to be using websites that masqueraded as the home page for a Google Meet video conference. The sites displayed false pop-up windows indicating problems with the microphone and headset, Sekoia added.
The pop-ups planted by criminals encouraged users to fix problems by pressing key combinations which eventually led to victims copying and pasting the malware code and running it on command.
Source link