Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

    February 8, 2022

    The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...

  • Roaming Mantis reaches Europe

    February 7, 2022

    Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. Kaspersky researchers have been tracking Roaming Mantis since 2018, and they observed some new activities by Roaming Mantis in 2021, and some changes in the Android Trojan Wroba.g (or Wroba.o, a.k.a Moqhao, XLoader) that’s mainly used in this campaign. ...

  • Medusa Malware Joins Flubot’s Android Distribution Network

    February 7, 2022

    Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa. That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns. The Flubot malware (aka Cabassous) is delivered to targets ...

  • Ransomware groups are shifting towards smaller targets, but ones where they can still guarantee a significant payday

    February 7, 2022

    The cost and risk of executing ransomware attacks is going up, making it harder for cyber criminals to carry them out, which could lead to a decline in the number of overall ransomware attacks. But that could mean some ransomware victims end up paying a heavier price. Ransomware is still running rampant, with several major incidents ...

  • Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

    February 5, 2022

    Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their ...

  • China suspected in hack of journalists at News Corp

    February 4, 2022

    Digital intruders broke into News Corp email accounts and compromised the data of an unspecified number of journalists, the company disclosed Friday. The media firm’s internet security adviser said the hack was likely aimed at gathering intelligence for Beijing’s benefit. News Corp, which publishes the Wall Street Journal, said the breach was discovered in late January and ...