Fake Google Meet Pages Used to Spread Malware

Chrome, ClickFix, DarkGate, Facebook, Google, Google Meet, Lumma Stealer, malware, Ophtek, Phishing Email, , , , , , , , ,
12
Nov 2024

Hackers have designed fake Google Meet error pages to distribute info-stealing malware which can compromise all the data on a network.

It feels as though malicious websites are springing up on a daily basis, and with 12.8 million websites infected with malware, this is a fair assumption to make. The latest attack under the Ophtek spotlight centers around Google Meet, a videoconferencing service hosted online by Google. The threat uses fake connectivity errors to lure victims into inadvertently launching the malware on their own system. And with Google Meet having over 300 million active users every month, the chance of this campaign tripping people up is exceptionally high.

The Danger of Fake Google Meet Pages

Google Meet attack appears to be part of a wider hacking campaign known as ClickFix, which has also been identified using similar fake websites impersonating Google Chrome and Facebook. In all these cases, the objective of the campaign is to install info stealers onto infected PCs. Malware used in these attacks include DarkGate and Lumma Stealer.

Fake error messages are displayed in the web browsers of victims to indicate a connectivity issue with a Google Meet call. However, there is no Google Meet call taking place, it’s simply a ruse to deceive victims into following through on a malicious call-to-action. These ‘errors’ recommend copying a ‘fix’ and then running it in Windows PowerShell, an app commonly used to automate processes on a Microsoft system.

Unfortunately, rather than fixing the ‘error’ with Google Meet, the execution of this code within PowerShell simply downloads and installs the malware. Once installed, malware such as DarkGate and Lumma Stealer has the potential to search out sensitive data on your network, establish remote network connections, and transmit stolen data out of your network.

Victims are redirected to these malicious websites via phishing emails, which claim to contain instructions for joining important virtual meetings and webinars. The URLs used within the emails appear like genuine Google Meet links but take advantage of slight differences in the address to deceive recipients.

Protecting Yourself from Fake Google Meet Malware

The best way to stay safe in the face of the fake Google Meet pages (and similar attacks) is by being proactive and educating your staff on the threats of malicious websites. Accordingly, following these best practices gives you the best chance of securing your IT infrastructure:

  • Double Check URLs: malicious websites often mimic genuine ones to catch people off guard. Therefore, always verify any URL for anything unusual such as misspelled words or lengthened and unusual domain endings, before clicking them. This will minimize your risk of falling victim to phishing and malware attacks.
  • Use Browser Security Features: many browsers, such as Google Chrome, come with built-in security features which can block sites known to be harmful or detect suspicious downloads. If you have these protections enabled, and this is easily done through your browser settings, you can rest assured you’re putting a strong security measure in place.
  • Install Antivirus and Firewall Software: one of the simplest way to protect yourself is by installing antivirus and firewall software, which is often available for free in the form of AVG and Kaspersky. This software can not only detect malware, but also block it before it reaches your system, so it can be considered a very strong form of defense.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Kiosk Mode Exploited to Steal Google Credentials

Amadey, antivirus software, Chrome, Google, hard_reset, hotkeys, kiosk_mode, malware, Ophtek, StealC, , , , , , , , ,
08
Oct 2024

There’s nothing worse that a new and innovative malware approach, but that’s exactly what Google users have been exposed to.

This latest attack takes advantage of Google’s kiosk mode. For those of you not familiar with kiosk mode, here’s a quick breakdown: it’s a Chrome browser mode which limits devices to use only one specific app or function, perfect for public or business use. It protects devices by locking access to the rest of the device away. Typically, they can be seen in staff sign-in devices or on devices which provide access to in-person catalogues. And hackers are now exploiting kiosk mode to launch data harvesting malware.

Understanding the Google Kiosk Attack

OALABS security researchers have revealed how the attack unfolds, so we’re going to walk you through the nefarious activity and processes. Initially starting with the execution of, in the majority of cases, the Amadey malware, the attack starts with Amadey scanning the device for available browsers. Once it finds, for example, Chrome, Amadey will launch the browser in kiosk mode and direct it to a legitimate, yet compromised URL.

Cleverly, Amadey ensures that both the F11 and Escape keys are disabled, making it difficult for victims to close kiosk mode down in an instant. It’s also particularly tricky, for users, as kiosk mode tends to run in full-screen mode, meaning typical browser features such as navigation buttons and toolbars are absent. Users, therefore, are severely restricted in what actions they can take while locked in kiosk mode.

The URL, which launches in kiosk mode, is a genuine ‘change password’ page for Google credentials. However, in the background, Amadey has launched StealC, an information stealer which will then harvest the inputted credentials and forward them to the hackers. The attack is a frustrating one, and one where the hackers hope this frustration will lead to victims entering their login credentials in sheer desperation.

How Do You Escape Kiosk Mode and Stay Safe?

If you find yourself stuck in kiosk mode, there’s a risk that you could be under attack. Luckily, there are a number of measures you can take to nullify the threat:

  • Perform a Hard Reset: Drastic times often call for drastic measures, so that’s why a hard reset may be your best option here. Simply hold down the power button on your device, usually for five seconds, until it shuts down. You will lose any unsaved work, but it does buy you some breathing time to rescue your device.
  • Run an Anti-Virus in Safe Mode: Once you’ve escaped kiosk mode, it’s important to remove the initial threat from your device. You can do this by restarting your PC and entering Safe Mode – usually by pressing F8 during the bootup process – and then running anti-virus software such as AVG or Malwarebytes.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Latest Chrome Update Highlights Numerous Vulnerabilities

Chrome, Ophtek, Updates, zero-day, , ,
30
Aug 2022

Chrome is the most popular web browser on the market by far, but its success is no guarantee of being free from vulnerabilities as a new update shows.

No piece of software is created perfectly, so there’s always a need to update and refine applications. In particular, security vulnerabilities are one of the most common issues which software designers find themselves needing to go back and solve. And this is because threat actors will use all their resources to discover even the tiniest chink in an application’s armor. Once this has been discovered, they’re presented with the opportunity to bypass security and exploit the software.

Chrome’s latest update comes packed full of functionality upgrades, but also 11 security fixes. As it’s likely your organization regularly works with Chrome, we’re going to look at what this patch offers you.

What is Chrome’s Latest Update?

The latest update from Chrome – details of how to install it are here – delivers a variety of fixes which include:

  • A zero-day vulnerability – tagged as CVE-2022-2856 – which has allowed hackers to take advantage of a flaw in Web Intents, a process which allows web apps to connect with web services.
  • Several ‘use-after-free’ vulnerabilities, these are flaws that are usually opened when an application fails to clear its memory when used. This scenario provides a foothold to threat actors looking to breach security.
  • A heap buffer overload vulnerability relating to downloads made through Chrome, a vulnerability which allows memory corruption to open a backdoor for threat actors.

t only takes one vulnerability to compromise a PC, so the need to patch 11 vulnerabilities strikes a major blow to Chrome’s reputation. To make matters worse, this is the fifth zero-day vulnerability Chrome have had to issue in 2022. Digging deeper into the contents of the update, it also becomes apparent that ‘use-after-free’ errors are a significant problem within Chrome at present.

Is Chrome Safe to Use?

Computer Keyboard with symbolic padlock key

Chrome will continue to work even without the latest update. However, the protection at its disposal will be lacking any substantial strength. There’s a chance, of course, you won’t fall victim to a cyber-attack which exploits these flaws, but do you really want to take a chance? The sensible answer is: NO! And, although Chrome haven’t released any specific details about these latest vulnerabilities, you can bet your bottom dollar that hackers will now be focusing their attention on Chrome.

Therefore, it’s crucial you install this latest Chrome update as soon as possible. Even if your organization’s preference is, for example, to use the Edge browser, you need to update Chrome if it’s present on your PCs. This is the only way to ensure that security gaps are plugged. Naturally, there will be further vulnerabilities which remain unidentified, but you can only deal with threats which are known. Chrome, on the whole, is a reputable and safe browser, you just need to make sure that automatic updates are activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Best Plugins for Browsing Safely in Chrome

Chrome, Google, Ophtek, Plugins, Security, , ,
17
Dec 2019

Google’s Chrome browser is a popular browser and one that it is relatively secure. But it can be made even safer with the correct plugins.

It’s estimated that over half of all web traffic goes through Chrome browsers and this popularity is down to its innovation and simple interface. However, the success of Chrome has made it a target of hackers. And this has been highlighted by the recent WizardOpium vulnerability which required a swift patch from Google. There’s added danger for Chrome users from more generalized online threats such as malicious websites and data security concerns. Thankfully, help is at hand for web users in the form of security plugins.

And, to help you enhance your Chrome experience, we’re going to examine the best plugins for browsing safely in Chrome.

What is a Plugin?

You may not be familiar with plugins, so it’s probably a good idea that we start by explaining them. A plugin is a piece of software which, as the name suggests, ‘plugs in’ in to your browser. Acting as an additional software component, a plugin adds extra features to your browser. The types of plugin availability aren’t just limited to security features either. Adobe’s Flash player, for example, is probably one of the most well-known browser plugins.

Chromes Best Security Plugins

It’s now time to take a look at the best plugins for browsing safely in Chrome:

  • Ghostery: A privacy ad blocker, Ghostery grants Chrome the opportunity to block adverts and stop data trackers from harvesting your data. The plugin allows you to customize which ads and trackers remain active whilst blocking the more suspicious ones. And, best of all, by blocking ads and data trackers you will speed up the load time of webpages.
  • Web of Trust: It’s estimated that there are up to 18.5 million malicious websites online, so you need to be careful where you browse. With a plugin such as Web of Trust you can maximize your safety. Not only does Web of Trust advise you when you land on an unsafe website, but it also displays ‘reputation’ icons next to the results generated by search engines.
  • Blur: Passwords are a crucial element of safe web browsing, but they need to be kept secure. If your passwords are compromised then you’re at risk of having your personal data stolen. Blur helps you to avoid this. It’s a powerful plugin which can generate strong passwords while also encrypting and saving them. This ensures that there’s no need to memorize or write down you passwords; you can just click and go. 
  • HTTPS Everywhere: The best websites are those with a URL which starts with https rather than just http. The additional S of https indicates that it’s a secure website. However, if you have installed the HTTPS Everywhere plugin then, in most cases, it will be able to automatically switch a http site to a more secure https version.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More