Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Samsung patches zero-day security flaw used to hack into its customers’ phones
September 16, 2025
Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones. The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android ...
- RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
September 16, 2025
RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels’ modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. These sites, in turn, download script files to ultimately infect the targeted machines. The final ...
- Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
September 15, 2025
In this article, Kaspersky researchers explore how the Model Context Protocol (MCP) — the new “plug-in bus” for AI assistants — can be weaponized as a supply chain foothold. The researchers start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proof of concept: a seemingly legitimate ...
- Another massive DDoS attack that reached 1.5 Bpps has been thwarted
September 13, 2025
A distributed denial-of-service attack targeting a DDoS mitigation vendor somewhere in Western Europe has been spotted and mitigated by FastNetMon. The firm says the attack peaked at a massive 1.5 billion packets per second, making it one of the largest packet-rate floods confirmed to date. FastNetMon says that the traffic was mainly a UDP flood sourced ...
- FBI: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
September 12, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms. The ...
- Vietnam Investigates Hackers Targeting National Credit Database Exposing Sensitive Financial Data
September 12, 2025
Vietnam is investigating a serious cyberattack on a large database that contains information about creditors across the country. The database belongs to the National Credit Information Center, also known as CIC. This center is managed by the State Bank of Vietnam and is responsible for storing highly sensitive financial data. The information inside the database includes ...

