Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information

    October 31, 2024

    HUMAN’s Satori Threat Intelligence and Research team recently uncovered and disrupted a sprawling fraud operation centered on fake web shops that abuse digital payment providers to steal consumers’ money and credit card information. The threat, dubbed Phish ’n’ Ships, is made up of hundreds of fake web shops offering in-demand items. The threat actors, whose internal ...

  • Loose-lipped neural networks and lazy scammers

    October 31, 2024

    One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...

  • Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

    October 31, 2024

    Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...

  • Android malware FakeCall intercepts your calls to the bank

    October 31, 2024

    An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing ...

  • Peru: Cybercriminals demand 4 million dollars for Interbank customer data

    October 31, 2024

    Organized crime in Peru has taken a worrying turn, extending its activities from attacks on public transport companies and kidnapping businessmen to cybercrime. These criminals use advanced technology to extort money from large companies, including the recent attack on Interbank bank. Reportedly criminals have breached Interbank’s security systems, stealing the database of millions of customers and ...

  • Bedfordshire is the UK’s cyber crime capital

    October 30, 2024

    The rate in Bedfordshire was nearly four times higher than neighbouring Hertfordshire, which saw 1,300 incidents among its 1.2 million population, reveals analysis of National Fraud Intelligence Bureau (NFIB) data by IT experts Computer Care. Lincolnshire was the police area least affected by cyber crime, with only 438 reports among the one million population – equal ...