Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

    August 3, 2023

    The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, Kaspersky researchers rely both on samples that they detect and their monitoring efforts, which cover botnets and underground forums. While doing so, the researchers found ...

  • Terrorism and cyber attack warning as 25 biggest threats facing Ireland revealed

    August 3, 2023

    Ireland faces an increased threat from terrorism and cyber-attacks – because we spend so little money on defence, the government has admitted. This year’s national risk assessment also finds that Ireland faces 25 different potential threats – from terrorism to financial instability, as well as climate change, AI and even housing problems. Read more… Source: Irish Mirror  

  • Cyberattacks targeting utility firms at ‘alarmingly high levels’

    August 2, 2023

    Utility firms such as electricity providers have become the new frontier for cyberattacks, reaching “alarmingly high levels” last year, the International Energy Agency (IEA) has warned. Russia’s invasion of Ukraine gave fresh impetus to cyber criminals to attack electricity grids and demand ransoms from energy companies scarcely able to defend themselves due to a cybersecurity ...

  • Transcending Silos: Improving Collaboration Between Threat Intelligence and Cyber Risk

    August 2, 2023

    Cyber Threat Intelligence (CTI) and risk management have emerged as distinct disciplines, yet they share many similarities in their mission. Both approaches inform decision-making by providing high-quality insight on the most relevant threats and risks impacting organizations. Although risk and CTI teams approach this challenge from different vantage points, their underlying shared mission creates exciting ...

  • Midnight Blizzard conducts targeted social engineering over Microsoft Teams

    August 2, 2023

    Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activity, further demonstrates Midnight Blizzard’s ongoing execution of their objectives using both new and common ...

  • Sha zhu pan scam uses AI chat tool to target iPhone and Android users

    August 2, 2023

    Over the past two years, we have been tracking a variety of scams targeting mobile device users, generally referred to as “shā zhū pán” (杀猪盘, which translates as “butcher plate”) or “Pig Butchering.” This includes a category we labelled as “CryptoRom” when we initially investigated it in 2020, because of its two distinguishing characteristics—a focus on ...