As such a big platform, the impact of impersonation could be very devastating.

We found many domains impersonating Google Meet to trick the users to enter their credentials or to download the fake Google Meet to compromise their system.

The fake Google Meet contains the link or pop up to download the Google Meet application or Extension in the browser. By installing the fake Google Meet, the user will install a malicious payload that will be executed to compromise the system.

At the time of writing, many Companies, Schools, Universities, Governments, others are already compromised.

The impact can lead to data theft or even ransomware.

Please follow our recommendations:

Check your environment to detect the malicious domains:

google-meet-account[.]com

google-meetings[.]com

accountmeet-google[.]com

meet.gooqle-view. [.]com

meet.google[.]com

Blocked all those domains

Provide user awareness and training to the user

Bookmark the correct URL Google Meet for yours users (https://workspace.google.com/products/meet/)

In case you see such domain within your organization perform a full investigation on the host that was in touch with one of the domain by scanning the host and searching for any persistency behavior or C2 activity.

Change the user impacted credentials and re-image the host.

Bangaly Koita

Bangaly Koita is a SOC Analyst and  Cyber Security researcher . As a passionate in cyber security,  he spends most of the time  writing articles and making videos online to share his knowledge and experience to the vast community of IT but in general Cyber Security. Feel free to contact me in case.

osintafrica.net

The post Google Meet typosquat by threat actors first appeared on osintafrica.