Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Musk Blames DDoS Attack For 40-Minute Delayed Start to Trump’s X Livestream
August 13, 2024
Technical difficulties delayed former President Donald Trump’s live conversation with Elon Musk on X by over 40 minutes. Musk blamed the issues on a distributed denial-of-service (DDoS) cyberattack, in which a bad actor seeks to overload a target server with traffic, rendering it unusable. His claims could not be verified. “We unfortunately had a massive distributed ...
- ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
August 13, 2024
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws ...
- FBI investigating attempts to hack Biden-Harris and Trump campaigns
August 12, 2024
Federal investigators are looking into whether Iranian hackers targeted individuals associated with the Trump and Biden-Harris campaigns, three people familiar with the investigation confirmed to CBS News. The FBI launched the probes in the early summer, after both presidential campaigns experienced attempted phishing schemes targeting people on the campaign, the sources said. Iran-backed cybercriminals are the ...
- EU’s Breton says Musk must comply with EU law ahead of Trump interview
August 12, 2024
EU industry chief Thierry Breton told billionaire Elon Musk in a letter on Monday he must comply with EU law ahead of Musk’s interview with U.S. presidential candidate Donald Trump on social media platform X. The interview, scheduled for 8PM Eastern Time (0000 Tuesday GMT), will also be accessible to users in the EU, Breton wrote, ...
- Ongoing Social Engineering Campaign Refreshes Payloads
August 12, 2024
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7. The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer ...
- 5G network flaws could be abused to let hackers spy on your phone
August 12, 2024
5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned. Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker. Read more… Source: MSN News Sign up for ...

