Russian hackers trojanize WebEx, Zoom apps to push Starland malware
AI Generated Image

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

BleepingComputer technology

Key Points:

  • The Russian threat actor UAT-11795 has been using trojanized installers of legitimate software to deploy a new backdoor called Starland RAT, targeting credential and cryptocurrency theft since at least June 2025.
  • The malware establishes persistence by modifying the Windows Registry and employs sandbox detection, privilege escalation, and scheduled tasks to maintain access on infected systems.
  • Starland RAT collects extensive data, including browser and cryptocurrency wallet information, system details, Active Directory data, and can capture screenshots, execute shell commands, and inject shellcode to deliver additional malware like CastleStealer and Remcos RAT.
  • The threat actor uses sophisticated command-and-control communication with redundancy via a Polygon smart contract and a novel PowerShell C2 framework called WLDR, which operates in memory and encrypts all communications.
  • Cisco Talos advises organizations to use provided IoCs to detect infections, avoid running unknown commands found online, and only download software from verified official sources to mitigate these attacks.

Trending Business

Trending Technology

Trending Health