Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Binge & Dan Murphys Among Major Brands Hit By Cyber Attack

    January 17, 2024

    Thousands of retail customers have fallen victim to a hacking scheme where scammers access their online accounts to make fraudulent transactions. Local scammers, having bought online login details from overseas cybercriminals, bragged in a chat online about purchasing iPhones, clothing and alcohol (almost $800 worth) with strangers’ money. The Iconic, an online retailer, said last week ...

  • Known Indicators of Compromise Associated with Androxgh0st Malware

    January 16, 2024

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided ...

  • Data breach hits Navy contractor Fincantieri Marine Group

    January 15, 2024

    Italian shipbuilding firm Fincantieri’s U.S. arm Fincantieri Marine Group, which is a contractor for the U.S. Navy, disclosed that it had 16,769 individuals’ data compromised following an April ransomware attack that resulted in significant production disruptions. In breach notification letters sent to impacted individuals earlier this month, FMG said that some of its systems had been ...

  • Medical data breach could impact thousands from New Hampshire

    January 15, 2024

    A Massachusetts-based medical company is contacting over 900,000 people whose personal information may have been compromised in a data breach. In a letter to the New Hampshire attorney general’s office, Transformative Healthcare said the breach happened last year when someone gained access to an archived copy of data that previously belonged to Fallon Ambulance Service. Read more… Source: MSN ...

  • Hackers target UK in huge cyber attack ‘in response to airstrikes in Yemen’

    January 13, 2024

    Hackers say they launched a massive cyber attack against the UK in response to airstrikes in Yemen. Anonymous Sudan said Friday’s raid on an internet company was also because Britain had shown “support” for Israel. In a statement on messaging platform Telegram, the group warned: “Big attack on UK soon, in response to the air attacks ...

  • Joomla! vulnerability is being actively exploited

    January 12, 2024

    The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active ...