Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store
February 7, 2024
LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal ...
- Cyber-hacking victims ‘paid out record $1.1bn in ransoms last year‘
February 7, 2024
Ransomware gangs staged a “major comeback” last year, according to research, with victims of hacking attacks paying out a record $1.1bn to assailants. Cyber criminals stepped up their global operations in 2023 after a lull in 2022, with victims including hospitals, schools and major corporations. Payments to criminal gangs in the wake of attacks doubled compared ...
- Surprising 3 Million Hacked Toothbrushes Story Goes Viral – Is It True?
February 7, 2024
A news story about the hacking of three million smart toothbrushes to create a massive botnet used to launch a distributed denial of service cyberattack against a Swiss organization has gone viral. However, many in the information security industry, including the author, have trouble finding evidence to support the story. Searching Google reveals that everything from ...
- Every tenth Russian faced cybercriminals in 2023 – Bank of Russia
February 7, 2024
Every tenth Russian respondent experienced cybercrime, with losses not exceeding 20,000 rubles (around $220), according to the published results of a survey conducted by the Bank of Russia in 2023. “Last year, there were more people who faced cybercriminals, with every tenth person becoming a victim. Typically, the loss was less than 20,000 rubles. Victims usually ...
- Known ransomware attacks up 68% in 2023
February 6, 2024
Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the ...
- Iran accelerates cyber ops against Israel from chaotic start
February 6, 2024
Since Hamas attacked Israel in October 2023, Iranian government-aligned actors have launched a series of cyberattacks and influence operations (IO) intended to help the Hamas cause and weaken Israel and its political allies and business partners. Many of Iran’s immediate operations after October 7 were hasty and chaotic – indicating it had little or no coordination ...

