Fake IT support calls on Microsoft Teams push EtherRAT malware

Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are abusing Microsoft Teams voice calls and phishing emails to impersonate IT support staff and trick employees into installing EtherRAT malware. The campaign uses legitimate remote tools, a Node.js-based loader, and Ethereum smart contracts for command-and-control, while also highlighting Microsoft’s added protections against these Teams abuse tactics. #MicrosoftTeams #EtherRAT #Unit42 #A0Backdoor #React2Shell

Keypoints

  • Attackers begin with an “Employee Survey” phishing email and a malicious PDF.
  • Victims receive a Microsoft Teams call from an external account posing as a system administrator.
  • Attackers persuade users to enable remote control and install HopToDesk or AnyDesk.
  • A malicious MSI file downloads Node.js and launches EtherRAT on the victim machine.
  • Microsoft is adding warnings and lobby controls to block suspicious external Teams activity.

Read More: https://www.bleepingcomputer.com/news/security/fake-it-support-calls-on-microsoft-teams-push-etherrat-malware/