Hackread reports that Windows and macOS users have been targeted with a new ClickFix attack campaign impersonating Google Meet alerts to facilitate the deployment of information-stealing malware.

Attacks involved the display of fraudulent Google Meet popup alerts, which would download the StealC or Rhadamanthys infostealers for Windows users and the AMOS Stealer payload for macOS users, according to a Sekoia analysis. Such intrusions are believed to have been conducted by the Slavic Nation Empire and Scamquerteo Team operations, which are associated with crypto scam teams Marko Polo and CryptoLove, respectively. Additional findings revealed the utilization of shared infrastructure between both groups. "Given the variety of initial malicious websites redirecting to this infrastructure, we assess with high confidence that it is shared among multiple threat actors. They collaborate within a centralized Traffers team to share certain resources, including this infrastructure and the AMOS Stealer, which is also sold as Malware-as-a-Service," said Sekoia researchers.
Phishing, Malware, Threat Intelligence
Infostealers deployed via phony Google Meet alerts




