Ghost Calls: The Sneaky New Hack That Turns Zoom into a C2 Tunnel
Ghost Calls, the stealthy C2 evasion method, exploits TURN servers used by apps like Zoom and Teams to cloak nefarious traffic as innocent video calls. By hijacking legitimate credentials, it brilliantly turns a virtual meeting into a hacker’s playground, making sneaky look way too easy.
Hot Take:
Oh, the ghostly wonders of modern-day hacking! Just when you thought your virtual meetings were only haunted by awkward silences and the occasional “You’re on mute,” here come Ghost Calls to prove that even your conference calls have a spooky side. Forget the Scooby-Doo gang, we need a new cybersecurity task force to deal with these invisibly cloaked intruders!
Key Points:
– Ghost Calls use TURN servers from conferencing apps to disguise command-and-control traffic as regular video conferencing.
– The method was revealed by Adam Crosser at BlackHat USA and is intended for Red Team exercises.
– TURN (Traversal Using Relays around NAT) is the secret sauce allowing ghostly evasion through NAT firewalls.
– The open-source utility ‘TURNt’ has been developed to facilitate this new post-exploitation method.
– Both Zoom and Microsoft Teams have been contacted for comments on this new tactic, but responses are pending.