A phishing scam in the form of a bogus WebEx meeting invitation has been found which could allow hackers to gain remote access to a victim’s computer. The scam involves victims receiving a legitimate-looking email invite with a meeting number, password and a link to join the meeting, all of which users of the online meeting platform would be familiar with. However, clicking on the link takes the user to a website that automatically downloads malware to their computer.
This remote access Trojan (RAT) can then log keystrokes, access webcams, delete files and download further software. The attack utilises a vulnerability known as an open redirect, which means the WebEx website fails to properly validate URLs, so hackers can add their own to redirect users to a malicious site. Anyone who thinks they may have been affected by this scam should carry out an anti-malware scan and change their passwords as soon as possible.
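For site owners, the fix for an open redirect is to check the destination before redirecting. The sketch below is an added example, not code from WebEx or from the original article; the host `meetings.example.com`, the allowlist and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for an example meeting site (assumption, not a real config).
ALLOWED_HOSTS = {"meetings.example.com"}


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target only if it stays on an allowed host; otherwise return default."""
    # Reject empty values, backslashes and whitespace/control characters, which
    # browsers may normalise differently from the server-side parser.
    if not target or target != target.strip() or any(c in target for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    # Relative path on the same site: exactly one leading "/".
    # "//host/path" is scheme-relative and would leave the site.
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme != "https":
        return default
    # hostname excludes any "user@" prefix, so "allowed-host@other-host" is
    # compared on the real destination; userinfo is refused outright.
    if parts.username is not None or parts.hostname not in ALLOWED_HOSTS:
        return default
    return target


# Constructed sample values, not taken from the reported campaign.
SAMPLES = [
    "/join?id=123",
    "https://meetings.example.com/join?id=123",
    "https://files.invalid/setup.exe",
    "//files.invalid/setup.exe",
    "https://meetings.example.com@files.invalid/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```

Anything that fails the check falls back to the site's own landing page, so a link on the trusted domain can no longer forward a visitor to a third-party download.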