Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • LastPass 2022 Data Breach — 1.6 Million Users Exposed By Security Failure

    December 14, 2025

    Any data breach affecting 1.6 million people is big news, especially when it involves one of the most prominent password managers out there: LastPass. The U.K. Information Commissioner’s Office has just fined LastPass £1.2 million ($1.6 million) for failing to “implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access ...

  • German Government Summons Russian Ambassador Over Major Cyberattack

    December 12, 2025

    The German government has formally summoned the Russian ambassador following the attribution of a significant cyberattack and coordinated disinformation campaign to Russian actors. This development comes amid heightened concerns regarding interference in Germany’s political processes and critical infrastructure. According to official statements, the cyberattack in question targeted the German Air Traffic Control (Deutsche Flugsicherung, DFS) in ...

  • Lazarus, Kimsuky Conduct 58 Attacks Targeting South Korea

    December 12, 2025

    The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit. It has been confirmed that Lazarus carried out at least 31 hacking attacks over the past year. According to AhnLab’s “2025 Cyber Threat Trends & ...

  • Google and Apple roll out emergency security updates after zero-day attacks

    December 12, 2025

    Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. ...

  • Data breach at credit check giant 700Credit affects at least 5.6 million

    December 12, 2025

    At least 5.6 million people had their names, addresses, dates of birth, and Social Security numbers stolen in a data breach at 700Credit, a company that runs credit checks and identity verification services for auto dealerships across the United States. In a statement on its website, the Michigan-based company blamed the October data breach on an ...

  • NANOREMOTE, cousin of FINALDRAFT

    December 11, 2025

    In October 2025, Elastic Security Labs discovered a newly-observed Windows backdoor in telemetry. The fully-featured backdoor Elastic Security Lab call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. One of the malware’s primary features is centered around shipping data back and forth from the victim endpoint using the Google ...