Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Massive cyber attack against Eritrea’s Internet System

    May 26, 2024

    A massive cyber attack was unleashed against Eritrea’s Internet System on Independence Day, Friday, 24 May 2024, at 12:32’:47 in the afternoon hours. The attempt was foiled by the defensive countermeasures deployed promptly, and the network continued its functions without interruptions. The identity of the originators, architects, and implementers of the attempted cyber attack is not ...

  • Hellhounds: Operation Lahat. Part 2

    May 23, 2024

    In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks ...

  • Crooks plant backdoor in software used by courtrooms around the world

    May 23, 2024

    A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application ...

  • LockBit demands $25 million from Canadian pharmacy chain London Drugs after ransomware attack

    May 23, 2024

    The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed. In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand. ...

  • ShrinkLocker: Turning BitLocker into ransomware

    May 23, 2024

    The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices. Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that ...

  • Most recent cyber attacks on water systems won’t be the last, says cybersecurity expert

    May 23, 2024

    More government agencies are taking steps to shore up their cybersecurity measures. Earlier this week, the Environmental Protection Agency announced it would step up inspections of water facilities that may be vulnerable to cyberattacks. Why are government agencies more at risk when it comes to cyberattacks and operational vulnerabilities? Read more… Source: MSN News Sign up for our Newsletter Related: