Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers are sending malicious links through Google Doc comment emails
January 6, 2022
Research from cybersecurity company Avanan has shown that hackers are increasingly using Google Docs’ productivity features to slip malicious content past spam filters and security tools. Avanan’s Jeremy Fuchs said that in December, the company saw cyberattackers using the comment feature in Google Docs and Google Slides to leverage attacks against Outlook users. “In this attack, hackers ...
- JFrog researchers find JNDI vulnerability in H2 database consoles similar to log4shell
January 6, 2022
Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell. The CVE hasn’t been posted by NIST but will be assigned CVE-2021-42392. In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell even though ...
- Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
January 6, 2022
In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain ...
- Purple Fox rootkit discovered in malicious Telegram installers
January 5, 2022
Researchers have warned that the Purple Fox rootkit is now being distributed through malicious, fake Telegram installers online. This week, the Minerva Labs cybersecurity team, working with MalwareHunterTeam, said that Purple Fox is being disguised through a file named “Telegram Desktop.exe.” Those that believe they are installing the popular messaging service are, instead, becoming laden with ...
- Log4j flaw attack levels remain high, Microsoft warns
January 4, 2022
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December. Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. Microsoft warns ...
- A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
January 3, 2022
Supply chain networks are frequent targets for cybercrime, as controlling a weak link in the supply chain can grant cybercriminals access to more victims – especially when the weak link is the source of the supply chain. Recently, we found a supply chain attack leveraging a cloud video platform to distribute skimmer (aka formjacking) campaigns. ...

