Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • LockBit ransomware attack stole data on millions of Infosys McCamish users

    July 1, 2024

    When LockBit ransomware affiliates struck Infosys McCamish Systems (IMS) in late 2023, they did not steal sensitive information on some 57,000 people, as was initially thought. Instead, the threat actors stole valuable intel on more than six million people, a new report the IMS shared with the US authorities has said. The type of information stolen ...

  • SentinelLabs uncovers new CapraRAT spyware targeting Android users

    July 1, 2024

    A new report released today by SentinelLabs, warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications. CapraRAT is an Android remote-access trojan virus used by a Pakistan-linked threat actor called Transparent Tribe, also known as APT36, which first emerged around 2018. The malware has primarily been used for ...

  • The biggest data breaches in 2024: 1B stolen records and rising

    June 29, 2024

    We’re over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do. From huge stores of customers’ personal information getting scraped, stolen and posted online, to reams of medical ...

  • Remote access giant TeamViewer says Russian spies hacked its corporate network

    June 28, 2024

    TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on ...

  • 2024 U.S. Federal Elections: The Insider Threat

    June 28, 2024

    The Federal Bureau of Investigation (FBI), in coordination with the Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Election Assistance Commission (EAC) prepared this overview to help partners defend against insider threat concerns that could materialize during the 2024 election cycle. For years, ...

  • Unauthenticated Command Injection in Netis Router

    June 28, 2024

    This week’s Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password parameter within the router’s web interface which allows for command injection. Fortunately for attackers, the router’s login page authorization can be bypassed ...