Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Analyzing AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases
December 11, 2023
During their recent investigations, the Trend Micro Managed XDR (MxDR) team handled various cases involving AsyncRAT, a Remote Access Tool (RAT) with multiple capabilities, such as keylogging and remote desktop control, that make it a substantial threat to victims. This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light ...
- Europol warning on the criminal use of Bluetooth trackers for geolocalisation
December 11, 2023
For the past several years, Europol has been observing a growing crime phenomenon: the use of Bluetooth trackers in organised crime. Bluetooth trackers are small devices designed to help people find personal objects, such as keys and bags, as well as vehicles at risk of theft. They can be attached to an item one does not ...
- Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
December 8, 2023
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau ...
- INTERPOL operation reveals further insights into ‘globalization’ of cyber scam centres
December 8, 2023
LYON, France – The first INTERPOL operation specifically targeting the phenomenon of human trafficking-fuelled fraud has revealed further evidence that the crime trend is expanding beyond Southeast Asia. Following five months of investigative coordination, law enforcement from participating countries carried out more than 270,000 inspections and police checks at 450 human trafficking and migrant smuggling hotspots ...
- You versus adversaries: How to become unbeatable in 20 cybersecurity moves
December 8, 2023
In today’s landscape, every business is inherently based on technology, increasing its susceptibility to significant and frequent threats that can hinder operations, success, and sustainability. At times, it can cause damage that is hard to bounce back from. Securing your organization, therefore, requires a deliberate, proactive, and holistic approach — you must keep constant tabs on ...
- MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF
December 7, 2023
FortiGuard Labs recently identified an email phishing campaign using deceptive booking information to entice victims into clicking on a malicious PDF file. The PDF downloads a .NET executable file created with PowerGUI and then runs a PowerShell script to fetch the final malware, known as MrAnon Stealer. This malware is a Python-based information stealer compressed with ...

