Hackers Exploit Microsoft Teams Calls to Deploy EtherRAT Malware
Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction
Cybercriminals are finding new ways to exploit trusted workplace tools, with Microsoft Teams becoming the latest platform used to deliver sophisticated cyberattacks. A recent campaign demonstrates how attackers are combining social engineering with legitimate software to deploy the stealthy EtherRAT Malware remote access trojan.

The attack starts with a phishing email disguised as an “Employee Survey” that contains a malicious PDF attachment. After the file is opened, the victim receives a Microsoft Teams voice call from someone claiming to be a system administrator, making the interaction appear like a routine IT support request.
Although Microsoft Teams labels the caller as an unfamiliar external contact, attackers use convincing helpdesk-style domains and persuasive communication to build trust. Victims are then guided to enable screen sharing and install legitimate remote management tools, unknowingly giving attackers access to their systems.
With remote access established, the attackers execute a malicious MSI installer that downloads a genuine Node.js runtime before decrypting and launching EtherRAT Malware. Because the malware relies on legitimate software components, its activity can blend into normal system operations and evade detection.
Researchers found that EtherRAT malware is capable of executing commands, manipulating files, stealing sensitive data, and maintaining long-term persistence on compromised devices. Its use of Ethereum smart contracts to retrieve command-and-control server details makes the malware more resilient, while multiple installer versions suggest the campaign is actively evolving.
The findings further highlight how cybercriminals continue to exploit trusted collaboration platforms to bypass traditional security measures. As these tactics become more sophisticated, organizations must strengthen employee awareness, verify IT support requests through trusted channels, restrict unnecessary external Teams interactions, and closely monitor remote access software. Taking these measures can help reduce the risk of social engineering attacks and improve resilience against evolving threats targeting everyday business tools.
CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.
Source: Hackers Leverage Microsoft Teams Call to Install RMM Tools and Deploy EtherRAT| Cyber Security News | https://cybersecuritynews.com/hackers-leverage-microsoft-teams-call/
