Threat actors are leveraging fake meeting invitations for Zoom, Microsoft Teams, Google Meet, and other video conferencing platforms to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope.
These invitations direct users to convincingly spoofed landing pages for fraudulent video meetings. The pages often display a list of coworkers who have supposedly already joined the session, adding to the illusion of legitimacy. Users are then prompted to install what appears to be a software update in order to join the call.
“The payload, disguised as a software update,_fmt is a digitally signed remote monitoring and management (RMM) tool such as Datto RMM, LogMeIn, or ScreenConnect,” the researchers explain. “These tools allow attackers to remotely access victims’ machines and obtain full administrative control over their endpoints, which can lead to data theft or the deployment of more destructive malware.”
Because the meeting appears to be in progress, users may feel pressured to act quickly and overlook warning signs, making them more likely to install the fraudulent update.
“As victims attempt to join the call, they are shown a notification stating that their application is outdated or incompatible,” . “To continue, they must download and run the provided ‘update’ before being granted access. By presenting the malicious payload as a necessary technical fix for a legitimate business task, attackers increase the chances that users will bypass security warnings to avoid missing the meeting.”
The use of legitimate, digitally signed RMM tools also helps the attackers evade detection. Since these tools are commonly used for authorized administrative purposes, they are less likely to be flagged by security systems.
“By deploying legitimate, digitally signed RMM tools instead of custom-built malware, attackers can blend in with normal corporate traffic,” the researchers note. “Because these tools may already be approved within enterprise environments, they can bypass signature-based security controls and establish a persistent administrative presence without immediately triggering alarms.”
AI-powered security awareness training can provide organizations with a critical layer of defense by helping employees recognize and respond to social engineering tactics. The HRM+ platform from KnowBe4 from Netskope.
About DT Asia
DT Asia began in 2007 with a clear mission to build the market entry for various pioneering IT security solutions from the US, Europe and Israel.
Today, DT Asia is a regional, value-added distributor of cybersecurity solutions providing cutting-edge technologies to key government organisations and top private sector clients including global banks and Fortune 500 companies. We have offices and partners around the Asia Pacific to better understand the markets and deliver localised solutions.
How we help
If you need to know more about Fake Video Meeting Invites Trick Users Into Installing RMM Tools, you’re in the right place, we’re here to help! DTA is Quest Software’s distributor, especially in Singapore and Asia, our technicians have deep experience on the product and relevant technologies you can always trust, we provide this product’s turnkey solutions, including consultation, deployment, and maintenance service.
Click here and here and here to know more: https://dtasiagroup.com/knowbe4/
