Russian hackers trojanize WebEx, Zoom apps to push Starland malware
Summary
A financially motivated Russian threat actor known as UAT-11795 is distributing a new backdoor malware called Starland RAT by trojanizing legitimate WebEx and Zoom applications. This malware is designed to steal user credentials and cryptocurrency from infected systems.
IFF Assessment
FOE
This article details a new malware campaign by a financially motivated threat actor, posing a direct risk to organizations and individuals.
Defender Context
Defenders should be aware of this campaign and warn users against downloading software from untrusted sources, especially if it appears to be legitimate communication tools. Implementing strong endpoint detection and response (EDR) and educating users on phishing and social engineering tactics are crucial to mitigating this threat.