Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Bluetooth tracking device company Tile data compromised in data breach

    June 13, 2024

    Another day, another data breach. Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement. In addition to stealing personal data en masse, hackers have also demanded a ransom from Tile’s parent ...

  • DISGOMOJI Malware Used to Target Indian Government

    June 13, 2024

    In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...

  • Cinterion EHS5 3G UMTS/HSPA Module Research

    June 13, 2024

    Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise. ...

  • Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

    June 12, 2024

    The Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware, may have been exploiting a recently patched Windows privilege escalation vulnerability as a zero-day. The vulnerability (CVE-2024-26169) occurs in the Windows Error Reporting Service. If exploited on affected systems, it can permit an attacker to elevate their privileges. The vulnerability was patched on ...

  • Quebec: Police arrest three in connection with massive Desjardins data breach

    June 12, 2024

    Laval police say they arrested three suspects Wednesday in connection to a massive data breach at Desjardins Group made public in 2019. The data breach at the Quebec-based credit union is thought to be one of the largest ever among Canadian financial institutions, affecting roughly 4.2 million people and 173,000 businesses. The leaked information includes names, ...

  • How to Recognize and Defend Against Malicious Insider Threats

    June 12, 2024

    Insider threats arise from careless users, users with compromised credentials, or users who seek to cause harm intentionally. The latter type of user—the malicious insider—can be the most daunting for security teams to manage. It requires them to analyze a user’s behavior and determine whether they have bad intentions. Although less frequent, malicious insiders are costly. ...