Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • ModifiedElephant APT plant criminal evidence on human rights defender, lawyer devices

    February 11, 2022

    Cybercriminals are hijacking the devices of civil rights activists and planting “incriminating evidence” in covert cyberattacks, researchers warn. According to SentinelLabs, an advanced persistent threat (APT) group dubbed ModifiedElephant has been responsible for widespread attacks targeting human rights activists and defenders, academics, journalists, and lawyers across India. The APT is thought to have been in operation since ...

  • Apple patches new zero-day exploited to hack iPhones, iPads, Macs

    February 11, 2022

    Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. The zero-day patched today is tracked as CVE-2022-22620 and is a WebKit Use After Free issue that could lead to OS crashes and code execution on compromised devices. Successful exploitation of this ...

  • DDoS attacks in Q4 2021

    February 10, 2022

    Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. In October, the botnet was upgraded with DDoS functionality. ...

  • Swipe left: Snoops use dating apps to hook sources, says Australian Five Eyes boss

    February 10, 2022

    Nations running online foreign influence campaigns have turned to dating apps to recruit people privy to sensitive information, according to the director general of the Australian Security and Intelligence Organisation (ASIO), the nation’s security agency directed against external threats and a key partner in the Five Eyes security alliance. “In the last two years, thousands of ...

  • A sign of ransomware growth: Gangs now arbitrate disputes

    February 9, 2022

    Cyber criminal gangs are getting increasingly adept at hacking and becoming more professional, even setting up an arbitration system to resolve payment disputes among themselves, according to a new report by the United States, Australia and the United Kingdom that paints a bleak picture of ransomware trends. Ransomware gangs, which hack targets and hold their data ...

  • Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)

    February 8, 2022

    On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management. Impacted organizations could experience: theft of sensitive data, financial ...