Last month, a customer reported suspicious behavior on their WordPress site, leading to the discovery of a sophisticated phishing attack involving a fake Google Meet page. Instead of stealing credentials, the attack used social engineering to trick users into copying and executing a malicious PowerShell command under the guise of fixing a microphone issue. This command downloaded and ran a RAT (Remote Access Trojan) via a script hosted on the same compromised site. The attack is notable for its self-contained nature (no external scripts), effective deception tactics, and severe consequences — full system compromise. The attackers relied on user trust and manual execution, bypassing many typical security filters.

‍