Skip to content

EtherRAT Malware Delivered via Fake IT Support Calls on Microsoft Teams

The point: Threat actors use Microsoft Teams voice calls impersonating IT support identities to deploy EtherRAT malware in enterprise environments.

Attackers pose as IT support in Microsoft Teams voice calls to persuade employees to download EtherRAT malware and gain access to corporate networks.

Threat actors conduct Microsoft Teams voice calls in which they impersonate a company’s IT support personnel. They employ social engineering to convince employees to install EtherRAT malware. The calls occur through the Teams system itself, making attackers appear legitimate and exploiting the trust of targets.

EtherRAT is a remote-controlled Trojan that provides attackers with remote access and arbitrary command execution on the infected system. A successful installation grants attackers initial access to internal networks, from which they can perform lateral movement, harvest data, or deploy additional malware.

For security leaders, this attack vector requires attention in implementing user awareness, communication policies, and technical controls. Recommended measures include regular training on recognizing social engineering attacks, verification procedures for IT support contacts through separate channels, and restricting malware execution rights on endpoints through application whitelisting or behavioral detection systems.


Source: www.bleepingcomputer.com · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.

Share on: