Phishing emails spoof WebEx invites, abuse Cisco open redirect


That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect.


An open redirect is an app or website vulnerability — caused by improper authentication of URLs — that allows attackers to introduce their own URLs that route users or visitors to a malicious website. Researcher Alex Lanstein discovered the campaign last week and on Nov. 6 issued a tweet explaining how the scam works.


“Pretty slick webex phish/spoof… leverages what appears to be a redirect service on Cisco’s page to redirect to the malware (called webex.exe)” wrote Lanstein, whose tweeted was previously spotted and reported by BleepingComputer’s Lawrence Abrams.


Victims of this scam receive a convincing-looking meeting invitation, replete with a meeting number, password and time. There is also a “Join Meeting” button, just as there would be had they received a genuine invitation.


Normally, users who click this button are routed to a site and subsequently prompted to download the official WebEx client. But by abusing the Cisco open redirect, the attackers instead send victims to a site that downloads WarZone as a malicious payload, ..

Support the originator by clicking the read the rest link below.