Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Financially motivated threat actors misusing App Installer

    December 28, 2023

    Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks. In response to ...

  • Yakult Australia targeted in cyber attack, employee files published on dark web

    December 28, 2023

    Iconic probiotic company Yakult Australia has been hit by a significant cyber attack that has seen its company records and sensitive employee documents, such as passports, published on the dark web. Yakult Australia confirmed its Australian and New Zealand IT systems were impacted by a “cyber incident”. Read more… Source: MSN News  

  • A cyberattack targets Albanian Parliament, cellphone provider and air flight company

    December 27, 2023

    Albania’s Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday’s cyberattack had not “touched the data of the system,” adding that experts were working to discover what consequences the attack could have. It said ...

  • Henry Schein Sales Hurt by Cyber Attack, Macro Woes

    December 27, 2023

    Henry Schein (HSIC) is currently entangled in a major cyber-attack incident. Headwinds like unfavorable currency movement and global economic uncertainties continue to affect the company. The stock carries a Zacks Rank #4 (Sell). In October 2023, Henry Schein stated that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein took precautionary ...

  • Israel’s Cyber Directorate warns of phishing attack by Iran-based hacking squad

    December 26, 2023

    Israel’s National Cyber Directorate issued a statement Tuesday warning of a phishing attack by Iranian hackers. Posing as American network security conglomerate F5, Iranian hackers sent an email to IT officials in multiple Israeli companies with instructions to download what seems like an update, but is actually malware, said the directorate. Working with an unnamed commercial ...

  • Motorists data stolen as RingGo parking app-owner hit by cyber attack

    December 26, 2023

    Hackers have stolen data including partial credit card numbers from parking apps used by millions of motorists. EasyPark, which owns RingGo and ParkMobile, said the details of at least 950 customers in the UK had been stolen by hackers, including names, phone numbers, addresses, email addresses and parts of credit card numbers. Read more… Source: MSN News