Attack against Zoom

Today I’ll tell you about an attack detected a few hours ago by Matrix and reported on urlscan.io.

This is a fairly complex attack against Zoom. The attackers registered a domain on Namecheap (us06webzoomus[.]pro) that is reminiscent of Zoom subdomains and deployed a series of files.
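A defender can triage proxy or DNS logs for this kind of name, where a Zoom hostname is reproduced with its separators removed. The sketch below is an added example, not code from the original post; the zoom.us suffix check, the regional-prefix pattern and every sample hostname except the reported domain are assumptions constructed for illustration.

```python
import re

# Assumption: genuine Zoom web hosts sit under zoom.us (for example us06web.zoom.us).
BRAND_SUFFIX = "zoom.us"
# The brand host with its dots removed, optionally led by a regional prefix
# such as "us06web", which is the shape of the domain reported on this page.
COLLAPSED = re.compile(r"(?:[a-z]{2}\d{2}web)?zoomus")


def refang(raw):
    """Turn a defanged indicator or URL into a bare lowercase hostname."""
    host = raw.strip().lower().replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^(?:hxxps?|https?)://", "", host)
    return host.split("/")[0].split(":")[0].rstrip(".")


def classify(raw):
    """Return (verdict, imitated_string) for one hostname."""
    host = refang(raw)
    # Require the dot before the suffix so "notzoom.us" is not trusted.
    if host == BRAND_SUFFIX or host.endswith("." + BRAND_SUFFIX):
        return ("legitimate", "")
    # Remove separators so "us06web-zoom-us" and "zoom.us.<other>"
    # collapse to the same string as "us06webzoomus".
    squashed = re.sub(r"[.\-]", "", host)
    match = COLLAPSED.search(squashed)
    if match:
        return ("lookalike", match.group(0))
    return ("unrelated", "")


# Constructed sample of hostnames as they might appear in proxy or DNS logs;
# only the first one comes from the page, the rest are made up.
SAMPLE_HOSTS = [
    "us06webzoomus[.]pro",
    "us06web.zoom.us",
    "hxxps://us02web-zoom-us.example.test/j/123",
    "zoom.us.login.example.test",
    "intranet.example.test",
]

if __name__ == "__main__":
    for entry in SAMPLE_HOSTS:
        verdict, imitated = classify(entry)
        print(f"{verdict:10} {imitated:14} {entry}")
```

The substring match is a triage heuristic and will flag some benign names that happen to contain "zoomus", so hits should be reviewed rather than blocked automatically.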

The deployed files include three malware samples (Android and Windows), static content (scripts, images, etc.), and a Windows batch file that uses PowerShell.

The contents are in Russian.

If I find the time, I will update the article with details about the malware; if I don’t, you know not to run these executables anyway 🙂
