Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

    September 19, 2023

    Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the ...

  • CISA Releases Four Industrial Control Systems Advisories

    September 19, 2023

    CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Exploited Vulnerability to Catalog  

  • Ransomware Attacks on Gaming Industry – A CISO Perspective

    September 19, 2023

    The gaming industry is experiencing a surge in cyber attacks because of its vast reservoirs of sensitive customer information, financial transactions, and interconnected operations. Zscaler’s ThreatLabz threat research team reported earlier this year that ransomware attacks had grown 37% overall year-over-year, with the average cost of an attack reaching a whopping $5.3M. The Department of Homeland ...

  • Ransomware site claims to have stolen Auckland Transport data

    September 19, 2023

    A dark web ransomware site is claiming to have data stolen from Auckland Transport, a cyber threat analyst says. The transport agency was the victim of a cyber attack last week, which brought down the city’s ticket payment system. AT said no customer data has been compromised in the attack. A dark web ransomware site is ...

  • Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says

    September 19, 2023

    Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said. David Bradbury, chief security officer of the identity management company Okta, said five of the company’s clients, including ...

  • ThemeBleed exploit is another reason to patch Windows quickly

    September 18, 2023

    Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The ThemeBleed vulnerability was listed ...