Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Exploring the (Not So) Secret Code of Black Hunt Ransomware

    February 5, 2024

    It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black Hunt ransomware wreaked havoc by compromising around 300 companies in ...

  • Classified Japanese diplomatic info leaked after Chinese cyberattacks in 2020

    February 5, 2024

    Classified Japanese diplomatic information was leaked following Chinese cyberattacks on the Foreign Ministry in 2020, a government source said Monday, exposing the nation’s digital vulnerability. Japan detected the large-scale attack and release of diplomatic telegrams during a period of government under then Prime Minister Shinzo Abe, the source said, but the nature of the leaked information ...

  • Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs

    February 3, 2024

    Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags (EFBs) found the app used by Airbus pilots was ...

  • Philippines: Cyber attack on Overseas Workers Welfare Administration website foiled

    February 3, 2024

    The Department of Information and Communications Technology (DICT) has prevented a cyber attack aimed at taking down the website of the Overseas Workers Welfare Administration (OWWA). At the Saturday News Forum, DICT Undersecretary for Cybersecurity Jeff Ian Dy said the DICT was able to “defend” various web applications related to OWWA from cyber attacks. The DICT ...

  • Europcar’s Alleged Data Breach Wasn’t Done Using AI, Experts Argue

    February 2, 2024

    French car rental company Europcar made headlines earlier this week following reports of an alleged data breach affecting nearly 50 million customers. Cyber security platform HackManac reported the incident on January 30th, noting that the stolen database containing usernames, passwords, full names, addresses, and several other user-identifying information had been listed for sale on a hacking ...

  • Cloudflare blames previous Okta breach for November 2023 cyberattack

    February 2, 2024

    Cloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach. The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on November 23, 2023, a threat actor accessed the company’s self-hosted Atlassian server. Read more… Source: ...