Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hackers stole $2 billion in crypto in 2023, data shows

    December 26, 2023

    For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers stole around $2 billion dollars in crypto across dozens of cyberattacks and thefts, according to De.FI, the web3 security firm that runs the REKT database. The ...

  • Estonia: At least one case of extortion reported following Asper Biogene data leak

    December 25, 2023

    Investigations into the Asper Biogene data leak that came to light last week are ongoing, and there is already at least one known case of an attempt to extort money from an individual in connection with the data leak. When the data theft case came to light, police warned that the situation could be exploited by ...

  • The rising threat of phishing attacks with Crypto Drainers

    December 22, 2023

    A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks. These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks ...

  • Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors

    December 22, 2023

    At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...

  • Cyberattack forces First American to take some IT systems offline

    December 22, 2023

    First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...

  • Indian IT services giant HCL Technologies hit by ransomware

    December 22, 2023

    Indian IT giant HCL Technologies apparently suffered a significant ransomware attack. Multiple media sources are claiming that the company filed a new report with the National Stock Exchange of India, in which it describes falling prey to a limited ransomware attack, stating that it “has become aware of a ransomware incident in an isolated cloud environment ...