Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BlackCat ransomware claims attack on European gas pipeline
August 1, 2022
The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country. Creos’ owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered a cyberattack the previous weekend, ...
- Activists use torrents to spread uncensored news to Russian pirates
August 1, 2022
A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions. Named “Torrents of Truth,” the initiative is similar to “Call Russia,” a project to help break through Russian propaganda and open people’s eyes to ...
- Russian Hackers Target U.S. HIMARS Maker in ‘New Type of Attack’
August 1, 2022
ussian hackers have launched “a new type of attack” on American military company Lockheed Martin, the maker of the M142 High Mobility Artillery Rocket System (HIMARS), the weapon the hackers believe is responsible for thousands of deaths in Ukraine, according to a pro-Moscow news website. The Kremlin-supporting Life website reported that the cyberattack by the Killnet ...
- Huge network of 11,000 fake investment sites targets Europe
July 31, 2022
Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to trick users into ...
- Federal courts hit by “significant and sophisticated” cyberattack in 2020
July 28, 2022
The US federal court system was hit with a significant cyber breach in 2020, unrelated to the SolarWinds attack, that a US congressman on Thursday called “incredibly significant and sophisticated.” At a hearing of the House Judiciary Committee, chairman Jerrold Nadler, D-NY, noted that the Administrative Office of the Courts released a public statement about the ...
- LofyLife: malicious npm packages steal Discord tokens and bank card data
July 28, 2022
On July 26, using the internal automated system for monitoring open-source repositories, Kaspersky researchers identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. The Python malware is a modified version of an open-source token logger called Volt ...

