Trend Micro security experts discovered a sophisticated cyberattack that included social engineering tactics and commonly employed remote access tools. The attack, which uses stealthy infostealer malware, gives thieves permanent access over vulnerable PCs and allows them to steal sensitive data.
According to Trend Micro Threat Intelligence, the majority of incidents since October 2024 have been concentrated in North America, with 21 breaches reported. The US was the most affected, with 17 cases, followed by Canada and the United Kingdom, each with five. Europe documented a total of 18 incidents.
Modus operandi
Threat actors utilise social engineering techniques to acquire initial access by deceiving victims into submitting credentials. Microsoft Teams is used for impersonation, and Quick Assist and other remote access applications allow attackers to escalate privileges. OneDriveStandaloneUpdater.exe, a genuine OneDrive update application, is used to sideload malicious DLLs and grant attackers network access.