There's a devious hacking scheme that involves a hijacked Microsoft Teams account, a fake IT helpdesk, and a covert infection tool


Rommie Analytics

Hackers aren't known for punching above the belt, but one recent scam feels so devious it's made me even more wary of the next time IT tries to reach out to me. The scam uses a hijacked Microsoft Teams account to pose as an IT helpdesk, which then convinces users to download malicious files.

As noted by GBHackers, some versions of this scam use freshly created Microsoft Teams accounts to impersonate existing users, while others reuse accounts compromised earlier in the same scam to target further victims.

Once contact is established, the user is encouraged to move to a bespoke chat client, which lends the hack an air of legitimacy.

From here, users are encouraged to run a command via PowerShell that secretly unpacks a WinPython environment, all under the guise of it being a "diagnostic tool". The malware, dubbed ModeloRAT, can then start to infect the PC without any obvious sign of what is happening.

The hack in question has two separate components: one searches for and retrieves data covertly, while the other establishes a connection to a remote device. GBHackers notes "Run‑key persistence is still present but is now paired with a scheduled task using a randomly generated name, increasing resiliency and making cleanup harder if only one mechanism is removed."
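For defenders, the paired Run-key plus scheduled-task persistence described above is something you can hunt for on a host. The following read-only PowerShell script is an added example written for this article, not code from GBHackers or the malware analysis; it assumes a Windows 8 / Server 2012 or later host with the ScheduledTasks module, and the directory and interpreter patterns it flags are assumptions to tune for your environment.

```powershell
# Added example: list Run-key values and scheduled-task actions, keep the ones
# that launch from user-writable folders or invoke a Python interpreter, and
# group them by executable so a program reached from BOTH a Run key and a task
# (the paired persistence GBHackers describes) stands out. Read-only.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Assumed heuristics: where a dropped WinPython bundle would live, and the
# interpreter names it exposes. Tune both patterns to your environment.
$suspectDirs = '\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Public)\\'
$suspectExe  = '\b(python|pythonw|pyw?)\.exe\b'

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-TaskEntries {
    foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $t.Actions) {
            if (-not $a.Execute) { continue }       # COM-handler actions have no Execute
            [pscustomobject]@{
                Source  = "Task $($t.TaskPath)$($t.TaskName)"
                Name    = $t.TaskName
                Command = ("$($a.Execute) $($a.Arguments)").Trim()
            }
        }
    }
}

$hits = (@(Get-RunKeyEntries) + @(Get-TaskEntries)) | Where-Object {
    $_.Command -match $suspectDirs -or $_.Command -match $suspectExe
}

# First token of the command line (quoted or bare) is the executable to group on.
$hits | Group-Object -Property {
    if ($_.Command -match '^"([^"]+)"|^(\S+)') { "$($Matches[1])$($Matches[2])" } else { $_.Command }
} |
    Select-Object @{ n = 'Executable'; e = { $_.Name } }, Count,
                  @{ n = 'Sources';    e = { ($_.Group.Source | Sort-Object -Unique) -join '; ' } } |
    Sort-Object Count -Descending | Format-Table -AutoSize -Wrap
```

A row with Count of 2 or more whose Sources mix a registry key and a task path is the pairing worth triaging; remove both mechanisms together, as the quoted analysis warns.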


The goal of the ModeloRAT malware is to embed itself in corporate environments so that it can do as it likes with all the data it harvests. GBHackers reports it "was able to execute without detections from several major endpoint detection and response (EDR) products, and related samples showed zero antivirus hits on VirusTotal at the time of analysis."

This form of social engineering is becoming ever more popular. Just yesterday, I found out about a password-stealing Trojan virus that managed to get into users' PCs through fake job interviews.

Social engineering scams are getting even more sophisticated in the age of AI, too. A few months ago, another scheme was found in which hackers posed as CEOs using deepfake technology and set up a bogus troubleshooting program to help with technical problems. As you might guess, that troubleshooting program was a virus.

As always, the best defence against hacks and scams is verifying the identity of folks who contact you, especially if they're trying to make you download a dodgy file or click on a suspect link.
