Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Deceptive Cracked Software Spreads Lumma Variant on YouTube

    January 8, 2024

    FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL ...

  • Hundreds of museums hit by cyber attack

    January 8, 2024

    Hundreds of art institutions and museums have been affected by a cyber attack on the Gallery Systems software company, with those impacted having used the software to organise their online archives. Last month, Gallery Systems informed its clients that computers using its software had become encrypted and could no longer operate. They launched an investigation, enlisted ...

  • Lebanon: Beirut airport screens come under cyberattack

    January 8, 2024

    Beirut airport on Sunday came under a cyberattack, Lebanon’s state news agency said, with footage shared by local media showing anti-Hezbollah messages had replaced screen displays at its terminal. Lebanon’s National News Agency said “the cyberattack on the departure and arrival screens at the airport disrupted the BHS baggage inspection system.” It added that authorities were ...

  • Explained: SMTP smuggling

    January 7, 2024

    SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what it is exactly, and how cybercriminals can use ...

  • Bangladesh: Cyber attack on Smart Election Commission app from two countries

    January 7, 2024

    A cyber attack has been carried out on the app ‘Smart Election Management BD’ of the Election Commission (EC) from Ukraine and Germany, said EC Secretary Md Jahangir Alam on Sunday. He told the media that the Election Commission (EC) had created a mobile application which was providing real-time voting information. However, voters were complaining since ...

  • Top legal firm specializing in data breaches…hit by data breach

    January 6, 2024

    Top legal firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered one such incident itself. Orrick, Herrington & Sutcliffe has sent out a breach notification letter to affected individuals, confirming it had been the victim of an intrusion that happened in March 2023. Read more… Source: MSN News