Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard

Criminals are reaching out to victims, offering to help with a “problem”
To fix the issue, they request AnyDesk access
If they get it, they drop the DarkGate malware and steal sensitive data

Cybercriminals are combining Microsoft Teams and AnyDesk to try and install a dangerous piece of malware on their target’s devices, experts have warned.

A report from Trend Micro, which claims to have recently observed one such attack in the wild, notes how the attackers would first send thousands of spam emails to their targets, and then reach out via Microsoft Teams, impersonating an employee of an external supplier.

Offering help with the problem, the attackers would instruct the victim to install a Microsoft Remote Support application. If that failed, they would try the same with AnyDesk. If successful, the attackers would use the access to deliver multiple payloads, including a piece of malware called DarkGate.

DarkGate is a highly versatile malware that can act as a backdoor on infected systems, allowing attackers to execute commands remotely. It can install additional payloads, and exfiltrate sensitive data without being detected. Data of high value includes login credentials, personally identifiable information, or data on clients, customers, and business partners.

One of its notable features is its modular design, allowing attackers to modify the malware’s functionality. So, in one scenario it can act as an infostealer, and in another, as a dropper.

The attack was blocked before doing any meaningful damage, but the researchers used it as an opportunity to warn businesses of the constant threat that lurks on the internet.

Organizations need to train their employees to spot phishing and social engineering attacks, deploy multi-factor authentication (MFA) wherever possible, and put as much of their infrastructure behind a VPN as possible. Furthermore, they should keep both software and hardware up to date, and keep in mind end-of-life dates for critical equipment.

Ultimately, they should use common sense and not fall for obvious scam attempts that are running rampant on the internet.

Via The Hacker News

https://cdn.mos.cms.futurecdn.net/tfTPM2h23pWZ3334EbhVKT-1200-80.jpg

Source link

ChatGPT vs Gemini: What are the differences?

One of our favourite Ninja air fryers has fallen to its lowest price since Black Friday

Why hacktivism can’t be a replacement for due process

Dyson V8 Animal vs V8 Absolute: what’s the difference?

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard

ChatGPT vs Gemini: What are the differences?

One of our favourite Ninja air fryers has fallen to its lowest price since Black Friday

Why hacktivism can’t be a replacement for due process

Dyson V8 Animal vs V8 Absolute: what’s the difference?

Leave a reply Cancel reply