Fake IT bods on Microsoft Teams coax workers into installing malware


Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42.

Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cerberus banking Trojan source code released for free to cyberattackers

    September 16, 2020

    The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction. Speaking at Kaspersky NEXT 2020 on Wednesday, Kaspersky cybersecurity researcher Dmitry Galov said that the leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector ...

  • New MrbMiner malware has infected thousands of MSSQL databases

    September 16, 2020

    A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner. Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent. In a report published earlier this month, Tencent Security has named this ...

  • Adobe out-of-band patch released to tackle Media Encoder vulnerabilities

    September 16, 2020

    Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder. Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release. On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 ...

  • Boosting Impact for Profit: Evolving Ransomware Techniques for Targeted Attacks

    September 15, 2020

    While more enterprises have adjusted to the new normal, so have cybercriminals who take advantage of the ever-changing work, home, and security landscape. As described in our 2020 Midyear Roundup, the numbers pertaining to ransomware no longer tell the story at first glance. While the number of infections, company disclosures, and ransomware families has gone ...

  • Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits

    September 15, 2020

    From May 1-July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most common vulnerabilities exploited ...

  • The State of Industrial Cybersecurity 2020

    September 15, 2020

    In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide. This ...