Skip to content

Intercepting Fake Microsoft Support Calls Over Teams

In brief: Attackers use fake Microsoft support calls triggered by PDF attachments in phishing emails to deploy the Ether RAT remote access trojan.

Palo Alto Networks Unit 42 warns of a campaign in which attackers infiltrate Microsoft Teams through fake Microsoft support calls. The scheme combines phishing emails with voice calls and installs the remote access malware Ether RAT.

The campaign follows an established pattern: Microsoft Teams users first receive an email asking them to participate in a survey. Opening the attached PDF file shortly triggers a voice call that allegedly comes from Microsoft Support.

The fake support agent then attempts to obtain authorization to install a remote access tool. In parallel, the Ether RAT trojan malware is installed on the affected system. This trojan enables attackers to exercise complete control over the computer.

With this control, sensitive user data and files can be accessed without further obstacles. Particular caution is warranted when employees receive unsolicited survey emails or calls from purported support staff requesting technical interventions.


Source: www.csoonline.com · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: