Skip to content
Tuesday, 7 July 2026 · Lagos
Tech & AI
Developing story. Independently corroborated details are still being verified. Facts may be updated as reporting develops.

New Cyber Threat: Fake IT Support Calls on Microsoft Teams Deploy EtherRAT Malware

Threat actors are now exploiting Microsoft Teams' voice call feature, impersonating corporate IT support to trick unsuspecting employees into installing malicious EtherRAT software, thereby gaining initial access to sensitive corporate networks.

New Cyber Threat: Fake IT Support Calls on Microsoft Teams Deploy EtherRAT Malware
Leverage On Heroes Media
Image via official source (csirt.ncc.gov.ng)

HEADLINE

New Cyber Threat: Fake IT Support Calls on Microsoft Teams Deploy EtherRAT Malware

OPENING HOOK

In an evolving digital landscape where collaboration tools are central to daily operations, a sophisticated new cyber threat is emerging, leveraging trusted communication platforms to compromise corporate security. This development underscores the critical need for heightened vigilance among employees and robust cybersecurity measures within organisations, from the bustling markets of Lagos to the tech hubs of Abuja.

WHAT HAPPENED

Threat actors are actively abusing the voice call functionality within Microsoft Teams, a widely used corporate communication and collaboration platform. These perpetrators impersonate legitimate corporate IT support staff, contacting employees directly through Teams calls. Their objective is to manipulate individuals into installing a malicious software known as EtherRAT, a type of Remote Access Trojan, which grants the attackers initial, unauthorised access to the company's internal networks.

WHO ARE THE KEY PLAYERS

**Threat Actors:** These are the malicious individuals or groups orchestrating the attacks. Their primary motivation is to gain unauthorised access to corporate networks, potentially for data theft, espionage, or further illicit activities. They employ social engineering tactics to exploit human trust.

**Microsoft Teams:** This is the communication platform being exploited. Developed by Microsoft, it's a popular hub for workplace collaboration, offering chat, video meetings, file storage, and application integration. Its widespread adoption makes it an attractive target for cybercriminals.

**Corporate Employees:** These are the primary targets of the attacks. Often busy and trusting of internal IT communications, they are socially engineered into downloading and executing the malware, unknowingly compromising their organisation's security.

**Corporate IT Support Departments:** These are the legitimate internal teams responsible for managing an organisation's technology infrastructure and providing technical assistance. Their identity is being impersonated by the threat actors to lend credibility to the fraudulent calls.

UNDERSTANDING THE LOCATION

While not a physical geographical location, the 'location' of this threat is the **digital attack surface** of corporate networks, specifically focusing on the Microsoft Teams environment. This includes the digital pathways and communication channels that employees use daily. For Nigerian businesses, this means any organisation relying on digital collaboration tools, from large multinational corporations in Victoria Island to smaller enterprises leveraging cloud services, is a potential target. The vulnerability lies in the intersection of human trust and digital communication protocols.

BACKGROUND AND CONTEXT

The rise of remote and hybrid work models, significantly accelerated by global events, has led to an exponential increase in the adoption of digital collaboration tools like Microsoft Teams. This shift has also broadened the attack surface for cybercriminals. Social engineering, the psychological manipulation of people into performing actions or divulging confidential information, has long been a favoured tactic. Historically, such attacks often occurred via email phishing. However, threat actors are continuously evolving their methods, now adapting to exploit real-time communication channels like voice calls, which can feel more immediate and therefore more convincing to targets. This particular method represents an evolution from traditional email-based phishing to more interactive and potentially more persuasive voice-based social engineering.

EXPLAINING IMPORTANT REFERENCES

**Microsoft Teams:** A unified communication and collaboration platform that combines workplace chat, video meetings, file storage, and application integration. It is widely used by businesses globally for daily operations.

**EtherRAT malware:** This refers to a type of malicious software known as a Remote Access Trojan (RAT). A RAT allows an attacker to remotely control a compromised computer, access files, monitor activity, and potentially install further malware, all without the user's knowledge. It's like giving a stranger the keys to your house and remote access to all your devices.

**Social Engineering:** This is a non-technical type of cyberattack that relies on human interaction and often involves manipulating people into breaking normal security procedures or giving up sensitive information. In this context, it's the trickery used to convince employees that the fake IT support call is legitimate.

**Initial Access:** In cybersecurity, 'initial access' refers to the first critical step in a cyberattack where an attacker successfully gains a foothold within a target network or system. This is a crucial phase as it allows the perpetrators to then explore the network, escalate privileges, and launch further attacks.

IMPACT ANALYSIS

The implications of these attacks are far-reaching for Nigerian businesses and their employees. For individuals, falling victim could lead to reputational damage, job insecurity, or even legal repercussions if their actions compromise sensitive company data. For organisations, the impact can be severe: data breaches can result in significant financial losses, damage to brand reputation, regulatory fines (especially with data protection laws like the NDPR), and operational disruptions. Imagine a critical business operation halting due to a compromised network, affecting everything from customer service to financial transactions. The cost of incident response, recovery, and bolstering cybersecurity measures can be substantial, diverting vital resources from core business activities. This erosion of trust in digital communication also poses a broader challenge, making employees more hesitant to engage with legitimate IT support, thereby creating new operational inefficiencies.

WHAT HAPPENS NEXT

In response to this escalating threat, several actions are anticipated. Organisations must immediately reinforce their cybersecurity awareness training, specifically educating employees about the dangers of unsolicited IT support calls on platforms like Teams. They should implement stricter verification protocols for IT support interactions and consider advanced endpoint detection and response (EDR) solutions. Microsoft, as the platform provider, is expected to continue enhancing its security features and detection capabilities to identify and mitigate such abuses. Law enforcement agencies, including the Economic and Financial Crimes Commission (EFCC) in Nigeria, may also intensify efforts to track and apprehend these threat actors. The onus is now on both technology providers and users to adapt and counter these evolving cyber tactics.

HERO PERSPECTIVE

Leverage On Heroes Media believes that in the face of sophisticated digital threats, knowledge is our most powerful shield. This incident serves as a stark reminder that technology, while empowering, also presents new vulnerabilities. Our editorial stance is to champion proactive vigilance and continuous education. We urge every Nigerian employee and business leader to treat every unsolicited digital interaction with a healthy dose of skepticism, verify before trusting, and understand that robust cybersecurity is not just an IT department's responsibility, but a collective imperative for national digital resilience. It is through informed action that we can turn potential victims into heroes guarding our digital future.

CLOSING

As the digital landscape continues to evolve, the line between legitimate assistance and malicious intent becomes increasingly blurred. Staying informed, exercising caution, and adhering to strict security protocols are paramount in safeguarding our individual and collective digital integrity against cunning threat actors. We must remain vigilant, always questioning, always verifying.

Quick quiz

Quiz is being generated… check back in a minute.

Reader reviews

Be the first to rate this story.

Published 7/7/2026 · Leverage On Heroes Media

Get the morning brief

One email a day — the biggest stories from Nigeria, no fluff.