Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla
December 19, 2023
First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office. The CVE-2017-11882 vulnerability is ...
- #StopRansomware: ALPHV Blackcat
December 19, 2023
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as Dec. 6, 2023. This advisory provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators ...
- Operation HAECHI IV: USD 300 million seized and 3,500 suspects arrested in international financial crime operation
December 19, 2023
LYON, FRANCE – A transcontinental police operation against online financial crime has concluded with almost 3,500 arrests and seizures of USD 300 million (approx. EUR 273 million) worth of assets across 34 countries. The six-month Operation HAECHI IV (July-December 2023) targeted seven types of cyber-enabled scams: voice phishing, romance scams, online sextortion, investment fraud, money laundering ...
- Mr. Cooper leaks personal data of 14 million loan and mortgage customers
December 19, 2023
A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn’t say what type of cyberattack caused the compromise of customer data, calling it a rather non-descriptive “External system breach (hacking).” For those unfamiliar ...
- Europol publishes IOCTA spotlight report on online fraud schemes
December 19, 2023
Europol’s spotlight report on online fraud highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public institutions. Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false ...
- Xfinity discloses a data breach but doesn’t say how many users are affected
December 18, 2023
Xfinity is notifying customers of a “data security incident” it says resulted in the theft of customer information, including usernames, passwords, contact information, and more. In a notice on Monday, Xfinity says “there was unauthorized access” to its systems from October 16th to October 19th, 2023. Xfinity traces the breach to a security vulnerability disclosed by ...

