Remote Access Delivered Through Fake Zoom and Google Meet Calls

A campaign using fake Zoom and Google Meet pages to lure victims into fraudulent video calls has been identified. The attackers use these pages to deliver remote-access software. Multiple domains hosting identical fake meeting pages were discovered, with one domain previously linked to a ClickFix campaign. The fake interfaces show an active meeting with expected participants. When victims join, they are prompted to download a file disguised as a Zoom update. Various payloads were identified, including executables masquerading as meeting updates, MSI installers deploying legitimate remote support software, and commercial monitoring software configured for covert remote access. The campaign's goal appears to be establishing remote access using whichever tool is most effective.

Pulse ID: 69aaf10e623ea5265ee07c81
Pulse Link: https://otx.alienvault.com/pulse/69aaf10e623ea5265ee07c81
Pulse Author: AlienVault
Created: 2026-03-06 15:21:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Google #GoogleMeet #InfoSec #OTX #OpenThreatExchange #Zoom #bot #AlienVault