ClickFix Technique to Deliver Malware

Remote work tools are now essential for business, but attackers continue to exploit trust in everyday platforms. A recent malware campaign targets users through a fake Google Meet page hosted on gogl-meet[.]com, using the ClickFix social engineering technique to bypass traditional browser security and deliver a Remote Access Trojan (RAT).

The attack begins when a user opens the fraudulent site, which visually mimics Google Meet. Instead of joining a meeting, the user sees a pop-up that claims a camera or microphone issue. Users are prompted to execute a series of keystrokes via the Windows Run dialog, unknowingly running a malicious PowerShell script that has been copied to their clipboard. This method effectively circumvents browser protections like Google Safe Browsing and SmartScreen.

Analysis shows attackers obfuscate the script with visual symbols such as green check marks, giving the appearance of legitimacy while hiding malicious code. Unlike earlier phishing campaigns, this strategy demonstrates a shift toward hyper-targeted attacks on corporate environments where video conferencing is routine. Security teams should monitor unusual PowerShell execution patterns, particularly those initiated from the Run dialog with extensive comment blocks or Unicode characters.
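As an added illustration of that monitoring advice (example code written for this page, not taken from the campaign analysis or from COE Security), the sketch below scores process-creation records for the traits named above. The records are constructed, the field names follow Sysmon Event ID 1, and the `explorer.exe` parent check and the 20-character comment threshold are assumptions.

```python
import unicodedata

PS_SUFFIXES = ("\\powershell.exe", "\\pwsh.exe")
COMMENT_MIN = 20  # assumed threshold for a "long" trailing comment
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed records; field names follow Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell -w hidden -c "<placeholder-command>" '
                    '# \u2705 Device check passed - press Enter to finish'},
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe"},
]

def symbol_chars(text):
    """Non-ASCII characters in Unicode symbol categories (check marks are 'So')."""
    return [c for c in text if ord(c) > 127 and unicodedata.category(c).startswith("S")]

def trailing_comment(cmd):
    """Text after the first '#' that starts a token outside quotes, else ''."""
    quote = None
    for i, ch in enumerate(cmd):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or cmd[i - 1].isspace()):
            return cmd[i + 1:].strip()
    return ""

def assess(event):
    if not event["Image"].lower().endswith(PS_SUFFIXES):
        return []
    cmd, reasons = event["CommandLine"], []
    # explorer.exe as parent approximates a Run-dialog launch; it also covers
    # Start-menu and shortcut launches, so it is never sufficient on its own.
    if event["ParentImage"].lower().endswith("\\explorer.exe"):
        reasons.append("parent_explorer")
    if symbol_chars(cmd):
        reasons.append("unicode_symbols")
    if len(trailing_comment(cmd)) >= COMMENT_MIN:
        reasons.append("long_comment")
    return reasons

def is_suspicious(event):
    reasons = assess(event)
    return "parent_explorer" in reasons and len(reasons) >= 2
```

Requiring the parent indicator plus at least one content indicator keeps an ordinary interactive PowerShell launch from Explorer out of the alert queue.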

Conclusion

This campaign highlights that even trusted collaboration platforms can be weaponized. Organizations must implement proactive cybersecurity measures, conduct regular employee awareness training, and strengthen detection protocols to mitigate risks from social engineering techniques like ClickFix.

About COE Security

COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to secure AI-powered systems and ensure compliance. Our offerings include:

  • AI-enhanced threat detection and real-time monitoring
  • Data governance aligned with GDPR, HIPAA, and PCI DSS
  • Secure model validation to guard against adversarial attacks
  • Customized training to embed AI security best practices
  • Penetration Testing (Mobile, Web, AI, Product, IoT, Network & Cloud)
  • Secure Software Development Consulting (SSDLC)
  • Customized CyberSecurity Services

COE Security assists organizations facing sophisticated malware campaigns by providing threat detection, incident response, and employee training to identify and prevent social engineering attacks. We ensure secure AI integration, robust defenses, and regulatory compliance.
