Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

    April 17, 2026

    IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings. Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks. FortiGuard Labs has analyzed a recent campaign exploiting CVE-2024-3721 in TBK ...

  • Cisco tells Webex users to patch critical security flaws immediately

    April 17, 2026

    Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop. Webex Services is a platform for communication and collaboration, letting people hold video meetings, ...

  • Adapt or pay: an analysis of the AdaptixC2 framework

    April 17, 2026

    As highlighted in our previous post about the Mythic framework, threat actors are rapidly adopting emerging technologies and frameworks. A prime example of this trend is AdaptixC2, a relatively new open-source post-exploitation framework that has quickly captured the attention of the offensive security community. Its popularity stems from its open-source nature and high extensibility; the framework ...

  • British National Pleads Guilty to Hacking into Companies and Stealing At Least $8 Million in Virtual Currency

    April 17, 2026

    SANTA ANA, California – A United Kingdom man pleaded guilty today to conspiring with others to hack into the computer systems of at least a dozen companies via text message phishing attacks and to steal at least $8 million in virtual currency from individual victims throughout the United States. Tyler Robert Buchanan, 24, of Dundee, Scotland, ...

  • Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

    April 16, 2026

    Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Korean threat actor Sapphire Sleet that relies on social engineering rather than software vulnerabilities. By impersonating a legitimate software update, threat actors tricked users into manually running malicious files, allowing them to steal passwords, cryptocurrency assets, and personal data while avoiding built‑in macOS security checks. ...

  • “iCloud storage is full” scam is back, and now it wants your payment details

    April 16, 2026

    A few months ago, we reported on a fake cloud storage alert that triggered a redirect chain to an app that has since been delisted from the Apple Store. The threat of losing your photos is a powerful lure, so scammers are now using it to steal personal and financial details. The Guardian warns about an ...