Threats Tagged 'teramind'

A campaign using fake Zoom and Google Meet pages to lure victims into fraudulent video calls has been identified. The attackers use these pages to deliver remote-access software. Multiple domains hosting identical fake meeting pages were discovered, with one domain previously linked to a ClickFix campaign. The fake interfaces show an active meeting with expected participants. When victims join, they are prompted to download a file disguised as a Zoom update. Various payloads were identified, including executables masquerading as meeting updates, MSI installers deploying legitimate remote support software, and commercial monitoring software configured for covert remote access. The campaign's goal appears to be establishing remote access using whichever tool is most effective.

MediumMalwareUnited StatesUnited KingdomCanada+7#zoom#phishing#connectwise control

A deceptive campaign is using a fake Zoom meeting website to covertly install Teramind, a commercial monitoring tool, on unsuspecting users' Windows machines. The operation begins with a convincing imitation of a Zoom video call, complete with scripted participants and artificial technical issues. An automatic 'Update Available' prompt then initiates the download of a malicious installer without user consent. The installed software is a covert build of Teramind, designed to run invisibly and avoid detection by security tools. This campaign is particularly dangerous due to its use of legitimate commercial software, which may evade traditional antivirus detection. The attackers exploit users' trust in Zoom and Microsoft to execute their plan, highlighting the importance of verifying meeting links and being cautious with unexpected software updates.

MediumCampaignUnited StatesCanadaUnited Kingdom+7#surveillance software#zoom impersonation#social engineering