Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Westpac and St George customers report third day of difficulties accessing internet banking

    October 15, 2024

    Westpac and subsidiaries including St George, Bank of Melbourne and BankSA have been hit by a string of outages. The bank said services were restored on Wednesday afternoon, but some customers continued to report disruptions. Treasurer Jim Chalmers says the government has been in contact with Westpac and described the internet and mobile banking issues as ...

  • Beyond the Surface: the evolution and expansion of the SideWinder APT group

    October 15, 2024

    SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, ...

  • Sri Lanka arrests over 230 Chinese in cybercrime raids

    October 15, 2024

    Sri Lankan police have arrested more than 230 Chinese men accused of targeting international banks in online scams, the foreign minister said on Tuesday (Oct 15), with help from security officials sent by Beijing. Vijitha Herath said police raids over the past week had also seized 250 computers and 500 mobile phones used in the alleged ...

  • Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.

    October 15, 2024

    In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document. However, the email ...

  • Whispers from the Dark Web Cave. Cyberthreats in the Middle East

    October 14, 2024

    The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequences as well as defensive strategies. The five prevalent cybersecurity threats in the Middle East covered ...

  • Cyber Attack Hits French Leading News Agency AFP

    October 14, 2024

    French news agency Agence France-Presse (AFP) suffered a cyber attack that disrupted its content delivery infrastructure and file transfer systems. It operates English, French, Arabic, Portuguese, and Spanish news channels and employs over 2,400 people in 150 countries. AFP said it was working to restore impacted systems and has engaged French cybersecurity agency ANSSI and law ...