Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Indonesia’s tax agency probes alleged personal data breach

    September 19, 2024

    Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...

  • Cyber attack on city of Wichita limited to police records, internal investigation finds

    September 19, 2024

    A ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system, city officials said Wednesday. That means the Russian hacker group — LockBit — that claimed credit for the attack did not access bank card numbers, social security numbers or ...

  • Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

    September 18, 2024

    Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, ...

  • Hacker claims to have for sale 87 million strong database after suspected Temu breach

    September 18, 2024

    A cybercriminal claims to have breached Temu and stolen millions of customer records, but the ecommerce giant is vehemently denying the claims. A hacker with the alias ‘smokinthashit’ took to BreachForums, one of the most popular underground forums out there, and advertised a new database, allegedly stolen from the company. “Temu company database for sale. +87M ...

  • Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers

    September 18, 2024

    The Justice Department today announced a court-authorized law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide. As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity ...

  • Lebanon: Nine killed, 300 wounded in a new wave of explosions across the country

    September 18, 2024

    At least nine people have been killed and 300 were wounded in Lebanon in a new wave of blasts related to communication devices, the Health Ministry has said, a day after thousands of pagers used by Hezbollah detonated across the country. Multiple explosions were reported across Lebanon on Wednesday, with state-run National News Agency saying that ...