UAT-11795 trojanizes WebEx and Zoom installers to push a new Starland RAT for credential and crypto theft
A financially motivated Russian threat actor tracked as UAT-11795 is distributing trojanized WebEx and Zoom installers that drop a new backdoor, Starland RAT, built for credential and cryptocurrency theft. It's the same trojanized-installer shape as this week's AsyncAPI and Laravel-Lang campaigns, just aimed at commercial conferencing software instead of a package registry — verify installer hashes against vendor-published checksums before pushing WebEx/Zoom updates fleet-wide, especially to machines with browser-stored credentials or crypto wallets.