Phishing emails spoof WebEx invites, abuse Cisco open redirect


That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect.

An open redirect is an app or website vulnerability — caused by improper authentication of URLs — that allows attackers to introduce their own URLs that route users or visitors to a malicious website. Researcher Alex Lanstein discovered the campaign last week and on Nov. 6 issued a tweet explaining how the scam works.

“Pretty slick webex phish/spoof… leverages what appears to be a redirect service on Cisco’s page to redirect to the malware (called webex.exe)” wrote Lanstein, whose tweeted was previously spotted and reported by BleepingComputer’s Lawrence Abrams.

Read more…