Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ontario: City of Hamilton confirms ransomware is behind cyber attack

    March 5, 2024

    Ransomware is behind the cyber attack on the city of Hamilton, Ont., the municipality’s city manager says. Marnie Cluckie told reporters Monday afternoon that the attack, which was detected the evening of Sunday, Feb. 25, was the result of ransomware. She wouldn’t say what strain of the malware the city has been hit with, how long ...

  • Hacker forum post claims UnitedHealth paid $22 mln ransom in bid to recover data

    March 5, 2024

    A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group opens new tab paid $22 million in a bid to recover access to data and systems encrypted by the “Blackcat” ransomware gang, according to two researchers. Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing ...

  • Network tunneling with… QEMU?

    March 5, 2024

    While investigating an incident at a large company a few months ago, kaspersky researchers detected uncommon malicious activity inside one of the systems. They ran an analysis on the artifacts, only to find that the adversary had deployed and launched the following: The Angry IP Scanner network scanning utility The mimikatz password, hash, and Kerberos ticket extractor, and ...

  • US airman pleads guilty to leaking classified documents

    March 5, 2024

    Jack Teixeira, a member of the Massachusetts Air National Guard charged with leaking classified military documents on a social media platform, pleaded guilty on Monday to carrying out one of the most serious U.S. national security breaches in years. The 22-year-old pleaded guilty to six counts of willful retention and transmission of classified information relating to ...

  • Iran foiled nearly 200 cyber-attacks in month to elections

    March 5, 2024

    Head of Iran’s Civil Defense Organization Brigadier General Gholamreza Jalali says Iran has foiled nearly 200 cyber-attacks in the month leading up to the recent parliamentary elections. In an interview with Iranian television on Monday, Jalali said some 4 or 5 major cyber-attacks were carried out during the same period but were foiled by the experts ...

  • Third-party breach leads to American Express customer data compromise

    March 4, 2024

    Payment card provider American Express Company is warning customers that their credit card details may have been exposed following a breach involving a third-party provider. The details were first revealed in a filing with the State of Massachusetts, with a form letter sent to affected customers stating that a third-party service provider “engaged by numerous merchants ...