WebEx meeting invitations targeted by phishing scam

A cyber security researcher has discovered a phishing scam posing as a WebEx meeting invitation.

Victims of this scam received an authentic-looking invite which, when clicked, directs users to a website that downloads malicious software onto their computer. This software, the WarZone remote access Trojan, is then able to take over webcams, delete files, log keystrokes and download software.

This scam took advantage of a security flaw on the WebEx website – known as an open redirect – that causes a failure to properly authenticate URLs. This allowed attackers to introduce their own URLs, directing users to a malicious website.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: