Signal

Attackers leverage Microsoft Teams and tax season phishing to deliver advanced malware

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-07 15:14 UTCUpdated 2026-07-08 13:00 UTC
rss
malwarephishingremote_access_trojansincident_responsesecurity_advisory
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Overview

Recent campaigns have exploited Microsoft Teams and India's tax filing season to distribute sophisticated malware.

Entities
Palo Alto NetworksCyderesEtherRATGh0st RATQuasarRATAsyncRATEvilTokens
Score total
1.23
Momentum 24h
4
Posts
4
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • Campaigns coincide with India's tax filing season, increasing potential victim pool.
  • Microsoft Teams' growing use makes it a lucrative vector for social engineering attacks.
  • Emerging ghost phishing tactics reveal gaps in current email security defenses.
Why it matters
  • Attackers use trusted platforms like Microsoft Teams to bypass user suspicion and deliver malware.
  • Dual RAT deployments ensure persistent attacker access even if one channel is detected or blocked.
  • Ghost phishing techniques evade traditional email security, increasing risk of undetected breaches.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • Phishing emails with malicious PDFs lead to fake Microsoft Teams support calls installing EtherRAT malware
  • India's tax filing season is exploited with phishing emails delivering dual remote access trojans via multi-stage infection chains
  • Ghost phishing campaigns evade traditional email security by activating malicious pages only inside victims' browsers
How sources frame it
  • CSO Online: neutral
  • SC Media: neutral
  • The Hacker News: neutral
This briefing highlights emerging malware delivery tactics exploiting trusted platforms and seasonal phishing themes, emphasizing the need for vigilance against multi-stage infection chains and novel phishing techniques.
All evidence
All evidence
New Ghost Phishing Wave Is Breaking Traditional Email Security
thehackernews · thehackernews.com · 2026-07-08 13:00 UTC
Attackers use Microsoft Teams voice calls to deliver EtherRAT malware
SC Media · scworld.com · 2026-07-07 17:12 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • thehackernews (1)
  • CSO Online (1)
  • SC Media (1)
Top origin domains (this list)
  • thehackernews.com (1)
  • csoonline.com (1)
  • scworld.com (1)