Fake IT bods on Microsoft Teams coax workers into installing malware
Unit 42 says attackers are posing as helpdesk staff and persuading employees to hand over remote control before dropping EtherRAT trojan
Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks' Unit 42.
Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT support. During the call, the attacker persuades the target to hand over remote control and install legitimate remote administration tools such as HopToDesk or AnyDesk. An MSI package is then downloaded, which installs the EtherRAT malware.
"We've seen in the logs of the User's session the Title 'System Administrator (External unfamiliar) | Microsoft Teams'; the External unfamiliar tag indicates a contact from outside the organization with no trusted relationship," Unit 42...
Copyright of this story solely belongs to theregister.com. To see the full text click HERE