Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hackers pose as journalists to breach news media org’s networks

    July 16, 2022

    Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation. Recent ...

  • Meet Mantis – the tiny shrimp that launched 3,000 DDoS attacks

    July 15, 2022

    The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp. Cloudflare said it thwarted the 26 million request per second (rps) attack last month, and we’re told the biz has been tracking the botnet ever since. Now, the internet infrastructure company has given the botnet a name — Mantis — ...

  • Attackers scan 1.6 million WordPress sites for vulnerable plugin

    July 15, 2022

    Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity flaw tracked as ...

  • The industrial internet of things is still a big mess when it comes to security

    July 14, 2022

    Critical infrastructure is increasingly targeted by cyber criminals – and while those responsible for running industrial networks know that securing operational technology (OT) and the Industrial Internet of Things (IIoT) is vital, they’re struggling, resulting in networks being left vulnerable to attacks. According to analysis by cybersecurity company Barracuda, 94% of industrial organisations have experienced a ...

  • Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response

    July 14, 2022

    WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings together government and industry leaders to review and assess significant cybersecurity events to better protect ...

  • New Lilith ransomware emerges with extortion site, lists first victim

    July 13, 2022

    A new ransomware operation has been launched under the name ‘Lilith,’ and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Like most ransomware operations launching today, Lilith performs double-extortions attacks, which ...