Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Indirect prompt injection in the real world: how people manipulate neural networks

    August 12, 2024

    Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a text description of a task that the system is to perform, for example: “You are a ...

  • Swiss-based Schlatter says IT network affected by cyberattack

    August 12, 2024

    Engineering company Schlatter Industries’ IT network was attacked with malware on Friday and it can be assumed this was a professional attack, the Switzerland-based company said on Monday. The group was hit on Friday by a cyberattack using malware, and the unknown perpetrators were attempting to “blackmail Schlatter”, it said, disclosing no further details. The group ...

  • Venezuela is the Victim of a Cyber Coup

    August 10, 2024

    On Friday, Joaquin Perez, the Deputy Ambassador of Venezuela to the United Nations, participated in the United Nations Convention on Cybercrime meeting held in New York. The Bolivarian diplomat denounced that Venezuela is being subjected to a cyber coup d’état orchestrated by transnational far-right powerful actors who control major media outlets and social networks. “The meeting ...

  • Windows Downdate: Downgrade Attacks Using Windows Updates

    August 9, 2024

    A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities. Alon Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32 (2024) as a tool named Windows Downdate. Leviev started their journey ...

  • Security company ADT announces security breach of customer data

    August 9, 2024

    Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” ADT filed the 8-K on August 7, adding that the incident happened “recently,” but refraining from providing an exact date. The company ...

  • UK police commissioner threatens to extradite, jail US citizens over online posts

    August 9, 2024

    London’s Metropolitan Police chief warned that officials will not only be cracking down on British citizens for commentary on the riots in the U.K., but on American citizens as well. “We will throw the full force of the law at people. And whether you’re in this country committing crimes on the streets or committing crimes from ...