Cybersecurity researchers have uncovered an active malware campaign dubbed “Voldemort” that masquerades as legitimate Cisco Webex components to deploy backdoors on targeted systems. The discovery comes just days after Cisco released a security advisory for a critical vulnerability in the Webex App that could allow attackers to achieve remote code execution.

“This is a particularly dangerous attack because it leverages legitimate, signed Cisco executables to load malicious code,” noted security analysts.

According to researchers, the attack begins when victims are persuaded to click on malicious meeting links that exploit a vulnerability in Cisco Webex App’s custom URL parser. The malware deploys two primary components: a legitimate Cisco executable (CiscoCollabHost.exe) and a malicious DLL (CiscoSparkLauncher.dll) that contains the Voldemort implant.

The vulnerability affects versions 44.6.0.29928 through 44.7.0.30285 and allows unauthenticated attackers to execute arbitrary code by tricking users into clicking malicious meeting links. While Cisco confirmed no evidence of active exploitation as of April 16, the emergence of the Voldemort campaign suggests attackers may have begun weaponizing this or similar vulnerabilities.

The Voldemort malware employs multiple evasion tactics, including a large file size of approximately 600 MB, likely designed to bypass sandbox analysis. Upon execution, the malware implements a sleep function of 5-10 minutes with jitter to further evade automated security tools.
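
A triage sketch for the indicators the article names: the affected Webex App version range, and an oversized CiscoSparkLauncher.dll sitting beside CiscoCollabHost.exe. It is an added example, not code from the researchers or Cisco; the inventory record layout, the sample hosts and the 300 MiB size cut-off are assumptions.

```python
# Added triage example; record layout and size threshold are assumptions, not from the article.
AFFECTED_MIN = (44, 6, 0, 29928)        # first affected Webex App version per the article
AFFECTED_MAX = (44, 7, 0, 30285)        # last affected version per the article
HOST_EXE = "ciscocollabhost.exe"        # legitimate signed executable named in the article
IMPLANT_DLL = "ciscosparklauncher.dll"  # DLL name the article ties to the implant
SIZE_THRESHOLD = 300 * 1024 * 1024      # assumed cut-off; the article reports roughly 600 MB

def parse_version(text):
    """Turn '44.6.0.29928' into a comparable tuple; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(version_text):
    """True when the version falls inside the range given in the article."""
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def triage(host):
    """Return a list of finding strings for one inventory record."""
    findings = []
    if parse_version(host["webex_version"]) is None:
        findings.append("unparseable-version")
    elif is_affected(host["webex_version"]):
        findings.append("affected-webex-version")
    # Group files by directory so the EXE/DLL pair is judged together.
    by_dir = {}
    for f in host["files"]:
        by_dir.setdefault(f["dir"].lower(), {})[f["name"].lower()] = f["size"]
    for names in by_dir.values():
        dll_size = names.get(IMPLANT_DLL)
        if HOST_EXE in names and dll_size is not None and dll_size >= SIZE_THRESHOLD:
            findings.append("oversized-dll-beside-host-exe")
    return findings

# Constructed sample inventory (hypothetical hosts, paths and sizes).
SAMPLE = [
    {"host": "ws-01", "webex_version": "44.6.0.29928", "files": [
        {"dir": r"C:\Users\a\AppData\Local\Temp\x", "name": "CiscoCollabHost.exe", "size": 120_000},
        {"dir": r"C:\Users\a\AppData\Local\Temp\x", "name": "CiscoSparkLauncher.dll", "size": 629_145_600}]},
    {"host": "ws-02", "webex_version": "44.8.0.30404", "files": [
        {"dir": r"C:\Apps\Webex", "name": "CiscoCollabHost.exe", "size": 120_000},
        {"dir": r"C:\Apps\Webex", "name": "CiscoSparkLauncher.dll", "size": 2_000_000}]},
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h["host"], triage(h))
```

A size match alone is a lead, not a verdict: confirm by checking the DLL's signature and where the pair of files was written from.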
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 09:15:12 +0000