Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GandCrab ransomware affiliate arrested for phishing attacks
March 9, 2021
A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 when it quickly became a malware empire threatening businesses worldwide. Operated as a Ransomware-as-a-Service (RaaS), the GandCrab developers teamed up with affiliates in a revenue share partnership, with affiliates earning between 70-80% ...
- Hackers access surveillance cameras at Tesla, Cloudflare, banks, more
March 9, 2021
Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ. Hacks multiple cameras in ...
- Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords
March 8, 2021
Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies. According to researchers, at least 2,500 ...
- Newest Intel Side-Channel Attack Sniffs Out Sensitive Data
March 8, 2021
Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics. Instead it leverages a component called CPU ring interconnect contention. This component facilitates ...
- European Banking Authority discloses Exchange server hack
March 8, 2021
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in ...
- Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
March 8, 2021
A possible link to China has been noted by researchers examining the exploit of SolarWinds servers to deploy malware. On Monday, Secureworks’ counter threat unit (CTU) said that during late 2020, a compromised Internet-facing SolarWinds server was used as a springboard to deploy Supernova, a .NET web shell. Similar intrusions on the same network suggest that the ...

