A cyber security researcher has discovered a phishing scam posing as a WebEx meeting invitation.
Victims of this scam received an authentic-looking invite which, when clicked, directs users to a website that downloads malicious software onto their computer. This software, the WarZone remote access Trojan, is then able to take over webcams, delete files, log keystrokes and download software.
This scam took advantage of a security flaw on the WebEx website – known as an open redirect – that causes a failure to properly authenticate URLs. This allowed attackers to introduce their own URLs, directing users to a malicious website.
UK based technology professional, with an interest in computer security and telecoms.