By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Russian Hackers Trojanize WebEx, Zoom Apps for Starland Malware
A financially motivated Russian threat actor, identified as UAT-11795, is actively distributing a new backdoor malware named Starland RAT. This actor is achieving distribution by trojanizing legitimate software, specifically targeting popular video conferencing applications such as Cisco WebEx and Zoom. The primary objectives of these attacks are to steal user credentials and cryptocurrency.
The Starland RAT is designed to exfiltrate sensitive information from compromised systems. Analysis of the malware reveals its capability to capture keystrokes, record screen activity, and access system information. Furthermore, the malware is equipped to steal cryptocurrency wallet details, indicating a direct financial motive for the threat actor. The trojanized applications are reportedly disguised as legitimate updates or installers, tricking users into downloading and executing the malicious payload.
This campaign highlights a persistent tactic used by financially motivated cybercriminal groups to leverage widely used software for malware distribution. By compromising the integrity of trusted applications, threat actors can bypass traditional security measures and reach a broader victim base. The involvement of UAT-11795 suggests a sophisticated operation focused on maximizing financial gain through credential theft and cryptocurrency theft.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.