Fake Google Meet Page Delivers PowerShell Malware

by Justin Erickson

With the help of a WordPress user that had suspicious URLs popping up on their site, security analysts discovered a campaign that hijacks vulnerable WordPress sites to host a counterfeit Google Meet landing page. Visitors are instructed to copy and run a PowerShell command—presented as a “required fix” to join the meeting—which downloads and executes further malware payloads like RATs and other trojans. This social-engineering chain bypasses browser warnings because no exploit code runs until the user pastes the command into their system. The best defense to protect against attacks like this is staying informed about the dangers and tactics of malicious actors.