Do NOT answer these Zoom or Skype calls! Terrifying new malware warning issued to Windows and Android users

Fake websites designed to be indistinguishable from Skype, Google Meet, and Zoom landing pages are being used to distribute malware to unsuspecting victims, researchers say


By Aaron Brown


Published: 10/03/2024 - 07:30

Lookalike websites are designed to install malware on your phone or laptop

  • Researchers warn about the prevalence of lookalike video call websites
  • These are designed to trick people into downloading malware
  • Windows and Android devices are in the cross hairs of the campaign

Whatever you do, do not answer these incoming video calls.

Security experts have issued a warning to anyone who uses Android or Windows about a rise in fraudulent websites designed to resemble Zoom, Skype, and Google Meet. But rather than connecting you with friends or family... these sites provide a direct line to malware.


This trend has been building since December 2023, researchers say.

At a glance, these websites look almost indistinguishable from the real deal. Scammers have used the same font and graphics found on the official Google Meet and Zoom webpages. The legitimate icons for the Google Play Store also appear on the websites.

[Screenshot: the fake landing page for Google Meet, which tries to trick people into downloading malware. Many of the fraudulent websites uncovered by the team at Zscaler were in Russian. Image: Zscaler press office]

Most of these fraudulent video call portals are in Russian and hosted on URLs that closely resemble the legitimate web address. This could indicate that hackers have laid the trap in the hopes that people will accidentally make a typo and stumble across the fraudulent website.

Once on the fake website, visitors are pushed into downloading malware — mistakenly believing that it’s the official software for video call applications like Skype, Zoom, and Google Meet.

Clicking on the icon to download the Android version of the app will download an APK file laced with malware to your device. Clicking on the button with the Windows icon will kickstart a batch script download. The latter then executes a PowerShell script, which downloads a Remote Access Trojan (RAT).

RATs are a strain of malware that allows an attacker to gain complete administrative privileges and take control of your laptop, desktop, or handset from anywhere in the world. This malicious software needs to be opened to work, so it’s often disguised as a legitimate program to encourage people to double-click and run it.

While some of these websites do have an icon for iOS, security researchers have yet to find an instance of malware for iPhone or iPad being distributed on these websites.

"A threat actor is using these lures to distribute RATs for Android and Windows, which can steal confidential information, log keystrokes, and steal files," the researchers from Zscaler ThreatLabz said.

[Screenshot: the fake landing page for Skype video calls, which tries to trick people into downloading malware. Microsoft's Skype, pictured, has been targeted alongside Google Meet and Zoom. Image: Zscaler press office]

“Our findings highlight the need for robust security measures to protect against advanced and evolving malware threats and the importance of regular updates and security patches.

“As cyber threats continue to evolve and become increasingly complex, it is critical to remain alert and take proactive measures to protect against them.”

If you’re unsure about whether a website is legitimate, there are a few things you can do. First, check for the SSL digital certificate — Secure Sockets Layer — that proves that a website is legitimate. This is found in the web address at the top of your browser and is usually denoted with a padlock icon.


It’s also important to check whether the URL begins with “https://”, with the “s” meaning “secure.”

Still unsure? You can type the web address into a website safety checker tool, like Google’s Safe Browsing site status page, which will let you know whether that domain is unsafe or when a previously trustworthy site has been compromised or now contains unsafe elements.
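The lookalike addresses described above can also be caught mechanically by comparing the hostname with the services' real domains. The sketch below is an added example, not code from Zscaler or from this article; the list of official hosts, the sample URLs and the two-character typo threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the article): official hosts and a brand word for each.
OFFICIAL = {"zoom.us": "zoom", "skype.com": "skype", "meet.google.com": "meet"}

# Constructed sample URLs for illustration; none are indicators from the report.
SAMPLES = ("https://zoom.us/download", "https://zooom.us/download",
           "http://skype-download.example/setup", "https://example.org/")


def edit_distance(a, b):
    """Levenshtein distance, keeping only two rows of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, max_typos=2):
    """Return (verdict, detail); verdict is official, suspicious or unrecognised."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    bare = host[4:] if host.startswith("www.") else host
    for domain in OFFICIAL:
        # Exact host or a true subdomain; "zoom.us.example" does not match.
        if bare == domain or bare.endswith("." + domain):
            if parts.scheme != "https":
                return ("suspicious", "official host but not HTTPS")
            return ("official", domain)
    labels = set(re.split(r"[.-]", bare))
    for domain, brand in OFFICIAL.items():
        if edit_distance(bare, domain) <= max_typos:
            return ("suspicious", "near-miss spelling of " + domain)
        if brand in labels:
            return ("suspicious", "brand word '" + brand + "' on another domain")
    return ("unrecognised", "no resemblance to a listed service")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

This is a heuristic: short brand names produce false positives at a threshold of two edits, so a "suspicious" verdict is a prompt to check the address by hand rather than a final answer.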
