Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New cyberattack targets iPhone Apple IDs
July 6, 2024
A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals’ Apple IDs in a “phishing” campaign, security software company Symantec said in an alert Monday. Cyber criminals are sending text messages to iPhone users in the U.S. that appear to be from Apple, but are in fact an attempt at stealing victims’ personal ...
- Cybercrime groups restructuring after major takedowns
July 6, 2024
Cybercrime gangs are looking to rebuild with new tactics after global police operations this year made a huge dent in their activities, experts have told AFP. The gangs have had a bad year so far, with law enforcement operations taking out some of prominent groups including LockBit, a loose network of largely Russian-speaking cyber criminals. LockBit ...
- OpenAI breach is a reminder that AI companies are treasure troves for hackers
July 5, 2024
There’s no need to worry that your secret ChatGPT conversations were obtained in a recently reported breach of OpenAI’s systems. The hack itself, while troubling, appears to have been superficial — but it’s reminder that AI companies have in short order made themselves into one of the juiciest targets out there for hackers. The New York ...
- Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour
July 5, 2024
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k barcodes for free for Taylor Swift’s ERAS Tour. In a post on ...
- India’s Airtel dismisses data breach reports amid customer concerns
July 5, 2024
Airtel, India’s second-largest telecom operator, on Friday denied any breach of its systems following reports of an alleged security lapse that has caused concern among its customers. The telecom group, which also sells productivity and security solutions to businesses, said it had conducted a “thorough investigation” and found that there has been no breach whatsoever into ...
- Yet another top US healthcare service provider has been hacked, with patient data exposed
July 4, 2024
Following the likes of ChangeHealthcare, Kaiser, Cencora, and several others during the past few months, another major US healthcare service has reported suffering a cyberattack that resulted in the theft of sensitive patient data. This latest victim is HealthEquity, which was on the receiving end of an apparent supply chain attack. In an 8-K form, filed ...

