Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • TrickBot’s new module aims to infect your UEFI firmware

    December 3, 2020

    The developers of TrickBot have created a new module that probes for UEFI vulnerabilities, demonstrating the actor’s effort to take attacks at a level that would give them ultimate control over infected machines. With access to UEFI firmware, a threat actor would establish on the compromised machine persistence that resists operating system reinstalls or replacing of ...

  • Phishing campaign targets organizations in COVID-19 vaccine cold chain

    December 3, 2020

    IBM’s cyber-security division says that hackers are targeting companies associated with the storage and transportation of COVID-19 vaccines using temperature-controlled environments — also known as the COVID-19 vaccine cold chain. The attacks consisted of spear-phishing emails seeking to collect credentials for a target’s internal email and applications. Targets of the attacks included a wide variety of companies, ...

  • Ransomware gang says they stole 2 million credit cards from E-Land

    December 3, 2020

    Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last months ransomware attack. E-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC Department Store. Last month, E-Land Retail had to shut down 23 NC Department Store and New ...

  • From Geost to Locker: Monitoring the Evolution of Android Malware Obfuscation

    December 3, 2020

    In 2019, I looked into Geost, an Android trojan with interesting layers of obfuscation. This entry serves to show how its obfuscation method has evolved by comparing my findings from 2019 with new samples from 2020. It is also part of a larger research endeavor done with Masarah Paquet-Clouston, Maria Jose Erquiaga, and Sebastian Garcia. Our ...

  • Kmart, Latest Victim of Egregor Ransomware

    December 3, 2020

    Retail stalwart Kmart has suffered a ransomware attack at the hands of the Egregor gang, according to a report. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services, according to BleepingComputer. The outlet obtained the purported ransom note that claims to have compromised Kmart’s Windows domain. The company was purchased ...

  • APT annual review: What the world’s threat actors got up to in 2020

    December 3, 2020

    Beyond Windows While Windows continues to be the main focus for APT threat actors, we have observed a number of non-Windows developments this year. Last year we reported a malware framework called MATA that we attribute to Lazarus. This framework included several components such as a loader, orchestrator and plug-ins. In April, we learned that MATA ...