Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Grandoreiro banking malware targets manufacturers in Spain, Mexico

    August 19, 2022

    The notorious ‘Grandoreiro’ banking trojan was spotted in recent attacks targeting employees of a chemicals manufacturer in Spain and workers of automotive and machinery makers in Mexico. The malware has been active in the wild since at least 2017 and remains one of the most significant threats of its kind for Spanish-speaking users. The recent campaign, spotted ...

  • Two years on, Apple iOS VPNs still leak IP addresses

    August 19, 2022

    Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the ...

  • CISA releases 5 Industrial Control Systems Advisories

    August 18, 2022

    CISA has released 5 Industrial Control Systems (ICS) advisories on August 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-172-01 Mitsubishi Electric MELSEC iQ-R, Q, and L Series CPU Module and MELIPC ...

  • Google blocks third record-breaking DDoS attack in as many months

    August 18, 2022

    Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second. To put things in perspective, this is about 76 percent larger than the previous record DDoS attack that Cloudflare thwarted earlier that same month. As Googlers Emil Kiner and Satya Konduru explain: “That is like ...

  • LockBit claims ransomware attack on security giant Entrust

    August 18, 2022

    The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022. Starting in early June, Entrust had begun to tell customers that they suffered a cyberattack where data was stolen from internal systems. Read more… Source: Bleeping Computer  

  • Janet Jackson music video declared a cybersecurity vulnerability

    August 18, 2022

    The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. “A colleague of mine shared a story from Windows XP product support,” wrote Microsoft blogger Raymond Chen. The story detailed how “a major computer manufacturer discovered that playing the music ...