Summary
> - The Trend Micro Managed Detection and Response (MDR) team analyzed an incident wherein an attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system.
> - The attacker failed to install a Microsoft Remote Support application but successfully instructed the victim to download AnyDesk, a tool commonly used for remote access.
> - After gaining access to the machine, the attacker dropped multiple suspicious files. One of the suspicious files was detected as Trojan.AutoIt.DARKGATE.D.
> - A series of commands executed by Autoit3.exe led to the connection to a potential command-and-control server and the subsequent download of a malicious payload.
> - Persistent files and a registry entry were created on the victim's machine, though the attack was ultimately thwarted before exfiltration occurred.
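As an added example that is not part of the Trend Micro write-up, the following Python correlator flags the sequence the summary describes (remote-access tool run, Autoit3.exe launched, outbound connection from it, Run-key persistence) over constructed endpoint telemetry; the file paths, IP address, registry value name and the two-hour window are assumptions for the sample, not indicators from the incident.

```python
import ntpath
from datetime import datetime, timedelta

# Ordered stages of the chain in the summary. Each stage is
# (name, event kind, predicate over the image path and detail field).
def _is(exe):
    return lambda image, detail: ntpath.basename(image).lower() == exe

STAGES = [
    ("remote_tool", "process", _is("anydesk.exe")),
    ("autoit_exec", "process", _is("autoit3.exe")),
    ("autoit_c2",   "network", _is("autoit3.exe")),
    ("persistence", "registry", lambda image, detail: "\\currentversion\\run\\" in detail.lower()),
]

def correlate(events, window_hours=2):
    """Return stage names matched in order; events are (iso_timestamp, kind, image, detail)."""
    matched, start, expected = [], None, 0
    for ts, kind, image, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if start is not None and t - start > timedelta(hours=window_hours):
            matched, start, expected = [], None, 0  # chain went stale; look for a fresh one
        name, want_kind, pred = STAGES[expected]
        if kind == want_kind and pred(image, detail):
            matched.append(name)
            start = start if start is not None else t
            expected += 1
            if expected == len(STAGES):
                break
    return matched

def is_suspicious(events):
    """Flag once the tool, the AutoIt launch and its outbound connection are all seen,
    even if persistence was not reached (the summarized attack was cut short)."""
    return len(correlate(events)) >= 3

# Constructed sample telemetry (not from the incident); paths and address are placeholders.
SAMPLE_EVENTS = [
    ("2024-01-15T10:20:00", "process", r"C:\Users\victim\Downloads\AnyDesk.exe", ""),
    ("2024-01-15T10:35:00", "process", r"C:\Users\victim\AppData\Local\Temp\Autoit3.exe", "script.a3x"),
    ("2024-01-15T10:36:00", "network", r"C:\Users\victim\AppData\Local\Temp\Autoit3.exe", "203.0.113.10:443"),
    ("2024-01-15T10:37:00", "registry", r"C:\Users\victim\AppData\Local\Temp\Autoit3.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]
BENIGN_EVENTS = [  # AutoIt used on its own, with no remote tool before it, is not flagged
    ("2024-01-15T09:00:00", "process", r"C:\Program Files\AutoIt3\Autoit3.exe", "build.au3"),
    ("2024-01-15T09:01:00", "network", r"C:\Program Files\Google\Chrome\chrome.exe", "198.51.100.5:443"),
]
```

Feeding real process, network and registry events in the same tuple shape (for example from Sysmon event IDs 1, 3 and 13) lets the same function run over live telemetry.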