Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Halliburton probes impact of cyber attack with law enforcement

    August 24, 2024

    Top U.S. oilfield services firm Halliburton said on Friday it was working with law enforcement to determine the extent of a computer systems breach and was yet to determine if the incident would have a material impact on its business. The $23-billion company became aware of the cyber attack on Wednesday, it said in its first ...

  • Russia blames mass tech outages on DDoS attack

    August 23, 2024

    The Russian government has blamed the widespread outage of several popular mobile applications on a distributed denial of service (DDoS) attack. The outage affected a number of messaging apps and online services, including Telegram, WhatsApp, Skype, Wikipedia, Steam, Discord, Twitch, and VKontakte – a Russian social network. However, people in Moscow reported regaining access to services ...

  • Europe’s leading solar power grid is ‘vulnerable’ to hackers

    August 21, 2024

    A recent study by a cybersecurity firm confirmed that the Dutch solar energy grid is vulnerable to multiple types of attacks on its system. A new study by a cybersecurity firm confirmed that one of Europe’s largest solar energy grids is vulnerable to multiple types of attacks on its system. Over a six-month period, researchers with ...

  • Security gaps leave local governments vulnerable to a variety of cyber threats

    August 21, 2024

    Cities and counties are beefing up their IT security, and that makes sense, says Augustine Boateng, interim chief information officer (CIO) in Memphis, Tenn. “It’s important to note that local governments have developed a reputation over the years for having lackluster cybersecurity; and not without good reason. As a result, we’re seeing more and more cyberattacks ...

  • Microchip Technologies hit by cyberattack

    August 21, 2024

    Microchip said an ‘unauthorised party’ disrupted its systems and has impacted its ability to fulfill manufacturing orders. US chipmaker Microchip Technologies has been hit with a cyberattack, disrupting its systems and impacting its manufacturing capabilities. The company revealed the details in a filing with the Securities and Exchange Commission and said it detected “suspicious activity” on ...

  • Toyota confirms customer and employee data stolen, says breach at third party to blame

    August 21, 2024

    Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...