Beware of Fake Outlook Troubleshooting Calls That End Up in Ransomware Deployment

A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls.
These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system.
The scam involves a malicious binary named CITFIX#37.exe, which is masquerading as a legitimate tool derived from the Sysinternals Desktops utility.
Cybersecurity researchers at Deutsche Telekom CERT noted that the scam begins with a call from individuals claiming to be from Microsoft or another reputable tech company.
They assert that there is an issue with the user’s Outlook account and offer to troubleshoot the problem.
Once the user grants access to their computer, the attackers download and install the CITFIX#37.exe malware.
This binary is signed with fake digital certificates, making it appear legitimate at first glance.
Scam Details
The CITFIX#37.exe malware has a SHA256 hash of 247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886.
Despite being signed, it is not authenticated by Microsoft. Instead, it uses malicious code signers such as Cascade Tech-Trek Inc., AM MISBAH Tech Inc., and KouisMoa MegaByte Information Technology Co., Ltd.
The malware installation process shows how the attackers use these fake certificates to deceive users into trusting the software.
Once installed, the malware can lead to ransomware deployment, encrypting the user’s files and demanding payment in exchange for the decryption key.
To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate companies like Microsoft will not contact you unexpectedly for issue resolution.
Be cautious about granting remote access to your computer unless you are absolutely certain of the caller’s authenticity.
Keeping your antivirus software up to date ensures better protection against emerging threats, while regularly backing up your data can help prevent loss in case of an attack.
By understanding how these attacks work and following best security practices, individuals can significantly reduce their risk of falling victim to ransomware and other malicious schemes.
Indicators of Compromise (IoCs)
- File Name: CITFIX#37.exe
- SHA256 Hash: 247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886
- Malicious Signers:
  - Cascade Tech-Trek Inc.
  - AM MISBAH Tech Inc.
  - KouisMoa MegaByte Information Technology Co., Ltd.
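
A file hash matches only one exact build, so a sweep for these indicators should also check the Authenticode signer name. The PowerShell below is an added example, not code from the article or from Deutsche Telekom CERT; the default `$Path` and the restriction to `.exe` files are assumptions.

```powershell
# Added example: sweep a folder for the indicators listed in this article.
param(
    # Assumption: folder to triage; defaults to the current user's Downloads.
    [string]$Path = "$env:USERPROFILE\Downloads"
)

# Values copied from the IoC list above.
$IocName    = 'CITFIX#37.exe'
$IocSha256  = '247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886'
$IocSigners = @(
    'Cascade Tech-Trek Inc.',
    'AM MISBAH Tech Inc.',
    'KouisMoa MegaByte Information Technology Co., Ltd.'
)

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.exe' } |
    ForEach-Object {
        $file = $_
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

        # Unsigned files have no signer certificate; treat the subject as empty.
        $subject = ''
        if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

        $hits = @()
        if ($file.Name -eq $IocName) { $hits += 'file name' }
        if ($hash -eq $IocSha256)    { $hits += 'sha256' }
        foreach ($signer in $IocSigners) {
            if ($subject.IndexOf($signer, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $hits += "signer: $signer"
            }
        }

        # SignatureStatus is reported for context only: Valid means the chain
        # checks out on this machine, not that the signer is trustworthy.
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Path            = $file.FullName
                Sha256          = $hash
                SignatureStatus = $sig.Status
                Signer          = $subject
                Matched         = $hits -join '; '
            }
        }
    }
```

Any row in the output is a file that matched at least one indicator; the `Matched` column says which.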
The post Beware of Fake Outlook Troubleshooting Calls That End Up in Ransomware Deployment appeared first on Cyber Security News.