Threat Management, Threat Intelligence, Identity, Privacy, Application security

Over a dozen browser extensions pilfer corporate meeting data

China-linked threat actor DarkSpectre has moved to compromise 2.2 million Google Chrome, Mozilla Firefox, and Microsoft Edge users' online meeting-related information via 18 nefarious extensions as part of the new Zoom Stealer campaign, which follows its GhostPoster and ShadyPanda attacks, according to BleepingComputer.

Access to 28 video-conferencing platforms, including Zoom, Google Meet, and Microsoft Teams, have been obtained by the extensions, which include the widely used Chrome Audio Capture and Twitter X Video Downloader add-ons, to exfiltrate meeting URLs and IDs, registration statuses, speaker and host details, corporate logos, and session metadata through WebSocket connections, a report from Koi Security showed. Such information could then be leveraged to enable corporate espionage and subsequent social engineering intrusions.

"By systematically collecting meeting links, participant lists, and corporate intelligence across 2.2 million users, DarkSpectre has created a database that could power large-scale impersonation operations providing attackers with credentials to join confidential calls, participant lists to know who to impersonate, and context to make those impersonations convincing," said Koi Security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds