Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting unsuspecting users through email and phone calls.
Attackers are leveraging popular platforms like AnyDesk and Microsoft Teams to gain unauthorized access to victims’ computers, raising alarms about cybercriminals’ evolving tactics.
The campaign begins with an email bombardment, commonly referred to as an “email bomb,” which is designed to overwhelm the victim’s inbox and obscure the malicious intent. Following this digital assault, the attackers initiate a phone call via Microsoft Teams, a widely used communication tool.
During the call, the attacker poses as a legitimate representative, convincing the victim to download AnyDesk, a legitimate remote access tool, as report by Broadcom. Once installed, AnyDesk allows the attacker to take complete control of the victim’s computer.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
With remote access secured, the attacker executes malicious payloads on the compromised system. These payloads are designed to perform various harmful actions, including stealing sensitive data such as login credentials, financial information, and personal documents.
The attackers’ ability to remotely manipulate the victim’s computer also poses a significant risk of further malware installation, potentially leading to long-term system compromise and data exploitation.
This newly identified campaign underscores the need for heightened vigilance among users and organizations.
Cybersecurity experts advise individuals to be wary of unsolicited emails and phone calls, especially those requesting the installation of software or remote access tools.
Organizations are encouraged to implement robust security measures, including employee training on recognizing phishing attempts and using multi-factor authentication to safeguard communication platforms like Microsoft Teams.
As cyber threats evolve, staying informed and adopting proactive security practices remain crucial in protecting against these sophisticated attacks.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…