Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

    April 22, 2024

    This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...

  • Androxgh0st malware ramps up global attacks

    April 22, 2024

    More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread. The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from ...

  • ToddyCat is making holes in your infrastructure

    April 22, 2024

    Kapersky researchers continue covering the activities of the APT group ToddyCat. In their previous article, they described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, the researchers have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract ...

  • UK government cannot protect businesses and services from cyber attacks

    April 22, 2024

    UK businesses are rapidly losing confidence in the government’s ability to protect them from cyberattacks. This is according to a new report from cybersecurity researchers Armis, which states that the lack of faith is higher than anywhere else in Europe. To draft the report, Armis surveyed more than 2,600 global security and IT decision-makers, and included ...

  • MITRE says it was hit by hackers exploiting Ivanti flaws

    April 22, 2024

    The not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, CEO and president Jason Providakes explained what happened and what the organization was doing about it. Read ...

  • Leicester street lights stuck on all day due to cyber attack

    April 22, 2024

    A cyber attack targeting Leicester City Council has led to some street lights being stuck on all day. The attack crippled the authority’s services seven weeks ago and led to confidential documents being published online by the hackers, including rent statements and applications to buy council houses. Read more… Source: MSN News Sign up for our Newsletter Related: