Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Pharma giant Cencora hit by major cyberattack

    February 28, 2024

    Cencora has confirmed suffering a data breach earlier this month which resulted in the theft of sensitive, personal data. Cencora is a drug wholesale company and a contract research firm that was previously known as Amerisource Bergen. It was formed in 2001, after the merger of Bergen Brunswig and AmeriSource. Read more… Source: MSN News  

  • Navigating the Cloud: Exploring Lateral Movement Techniques

    February 28, 2024

    In this post, Unit 42 researchers reseat examine lateral movement techniques, showcasing some that they have observed in the wild within cloud environments. Lateral movement can be achieved by leveraging both cloud APIs and access to compute instances, with access at the cloud level potentially extending to the latter. We explore cloud lateral movement techniques in ...

  • Most data breaches on enterprise attack the supply chain

    February 28, 2024

    The vast majority of data breaches happening in the enterprise occurred through the software and technology supply chain. This is according to the Global Third-Party Cybersecurity Breach Report, a new research paper published by the SecurityScorecard security organization. As per the report, 75% of all third-party breaches targeted the software and technology supply chains, mostly because ...

  • Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts

    February 27, 2024

    Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, and development of a mitigation bypass exploit targeting ...

  • European diplomats targeted by SPIKEDWINE with WINELOADER

    February 27, 2024

    Zscaler’s ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024. This PDF file is masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The PDF also included a link to a fake questionnaire that redirects users to a malicious ZIP ...

  • Malicious Apple Shortcuts could bypass security features to steal data

    February 23, 2024

    Apple Shortcuts could be used to steal sensitive data from Apple devices due to a high-severity vulnerability. Shortcuts is an app created by Apple that allows users to create customized task workflows on Apple devices and automate processes using a combination of built-in functions. Custom shortcuts can be exported and shared with other users, and shortcuts ...