Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Freight giant Estes confirms data breach, but says it won’t pay ransom

    January 5, 2024

    The October 2023 cyberattack against Estes Express Lines was indeed ransomware, but the company has paid no ransom demand as yet. The company confirmed the news in an email recently sent to affected customers. As per the email, sent to roughly 21,000 people, threat actors accessed the company’s IT infrastructure on October 1, 2023, and managed ...

  • Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

    January 5, 2024

    Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families Unit 42 examine. The configuration data embedded within malware can offer invaluable insights into the intentions of cybercriminals. However, due to its significance, malware authors deliberately ...

  • 23andMe blames “negligent” breach victims, says it’s their own fault

    January 4, 2024

    In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...

  • Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices

    January 3, 2024

    On December 5th, 2023, FortiGuard’s AI-driven OSS malware detection system identified three intriguing PyPI (Python Package Index) packages. These packages, upon initial use, deploy a CoinMiner executable on Linux devices. Leveraging our historical malware database, Fortinet researchers noted that the indicators of compromise (IoCs) for these packages bear a resemblance to the “culturestreak” PyPI package discovered ...

  • Orange suffers cyber attack affecting clients’ internet access in Spain

    January 3, 2024

    The Spanish unit of telecoms provider Orange on Wednesday suffered a cyber attack that affected an undisclosed number of clients who could not access certain websites, a company spokesperson said. The unauthorized access to Orange’s IP network coordination centre has been mostly solved and was neutralized by Orange, the second largest telecoms provider in Spain, the ...

  • ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks

    January 2, 2024

    Hospitals and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged. Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’s network. Read more… Source: MSN News