How confident would you be that you could tell if you were on a voice call with a cybercriminal? If you’re unsure if you could, watch out; bad actors are calling people over Microsoft Teams pretending to be a firm and offering help, but they’ll do anything but.
Cybercriminals Are Targeting Microsoft Teams Users With Vishing Attacks
As spotted and reported by Trend Micro, there’s a new attack circulating that uses vishing to gain a foothold on someone’s system. Similar to phishing, vishing is when someone attempts to convince someone to act to give the cybercriminal information or an entryway into a system, albeit vishing is done over the phone or via a calling app.
In the example case that Trend Micro gave, the attack started with thousands of phishing emails hitting someone’s account. This was followed by a call by the cybercriminal acting as a tech support assistant, presumably to “fix” the flood of emails that they themselves caused.
The cybercriminal encouraged the victim to install a remote access app, starting with Microsoft Remote Support and then moving to AnyDesk when the former failed to install. Once AnyDesk was set up, the cybercriminal used the remote access app to install a PowerShell-based malware dropper. The PowerShell malware then fetched the DarkGate malware, which criminals use to steal data and gain control of someone’s computer via a Remote Access Trojan (RAT).
Fortunately, the attack was halted before anything was stolen, but it still acts as an excellent example of how to avoid vishing. Always be wary when someone asks you to download remote access tools, especially if the person on the other end contacted you first without you asking them to. If you have a tech support issue, report it to either your IT department at work or a trained professional if you’re at home.
