The warning was right there on the screen. "External unfamiliar."
Microsoft Teams had already done its job, flagging that the person calling wasn't from the company, wasn't in the usual contact list, wasn't who they claimed to be by any objective measure the platform could offer.
The employee shared their screen anyway.
That single decision, made over a voice call from someone posing as a "System Administrator," was the only thing standing between a phishing email and full network compromise. Everything that followed (the remote access tools, the malware loader, the RAT that gave attackers total control of the machine) depended on that one human’s decision going the attacker's way.
How the attack unfolded
According to research from Unit 42, the campaign starts unremarkably: a phishing email with an "Employee Survey" lure and a PDF attachment. No exploit. No macro. Nothing a spam filter would necessarily catch, because there's nothing technically malicious in the file itself.
The real attack starts after the PDF is opened. Shortly afterward, the victim receives a Microsoft Teams voice call from an external account, helpdesk@Progressive936.onmicrosoft[.]com, impersonating IT support. The account sits outside the victim's own Microsoft 365 tenant, which is exactly what triggers the "External unfamiliar" label Teams displays on the call.
The attacker doesn't rush. They talk the employee through a scenario that sounds routine: a follow-up related to the survey, a device check, something that needs remote access to resolve. Using Teams' built-in screen-sharing feature, the attacker walks the employee through installing legitimate remote-access software, HopToDesk, then AnyDesk. Both are real, widely used tools. Neither is inherently suspicious to an employee who believes they're following IT's instructions.
Once remote access is established, the attacker downloads and runs a malicious MSI installer, v7.msi, from camorreado[.]click. That installer is a loader: it pulls down a legitimate Node.js runtime, decrypts embedded payloads, and launches EtherRAT, a cross-platform remote access trojan that gives the attacker full control of the compromised system, including command execution, file manipulation, and data theft.
EtherRAT has a detail worth sitting with: it uses Ethereum smart contracts to retrieve its command-and-control server. Instead of a domain or IP address that defenders can block, the malware checks the blockchain for its next instruction. Unit 42 found an open directory hosting nine versions of the installer, evidence the campaign is still actively being developed. EtherRAT has previously surfaced in state-sponsored operations exploiting the React2Shell vulnerability, and has since been picked up by other threat actors.
The moment that mattered
Strip away the Node.js loader, the smart contracts, the MSI chain, none of it works without the employee agreeing to hand over their screen to someone Teams had already flagged as unfamiliar.
That's the decision point. Not "was the PDF suspicious." Not "did the caller sound legitimate." The specific, recognizable moment was a platform-native warning label, sitting on screen during a call from someone claiming to be internal IT.
Pattern recognition is the only defense that fires fast enough to matter here. An employee who has seen this shape before, an external label on a call that claims to be internal, pauses. An employee who hasn't, doesn't.
Why legacy training misses this
Most security awareness programs are still built around email. Suspicious link, spoofed sender, urgent subject line. Those lessons don't transfer to a phone call inside a trusted collaboration tool, because the attack surface has moved somewhere the training never followed.
Even the training that does cover vishing tends to teach it as a category, not a specific pattern tied to the tools employees actually use every day. Voice phishing is now the top initial access vector in cloud environments, according to Mandiant's M-Trends 2026 report — and it keeps working precisely because employees haven't been shown what it looks like inside Teams, Slack, or Zoom specifically.
A quarterly module about "phone scams," built from a static library and assigned to everyone regardless of role, was never going to prepare an employee for an external caller impersonating their own helpdesk, using their own company's naming conventions, inside the tool they use for internal calls all day.
How Frame closes the gap
This is the difference between a vendor-driven training model and a threat-driven one. A vendor-driven program teaches from a fixed library, updated on a vendor's schedule, disconnected from what's actually targeting your organization this week. A threat-driven program builds training from what's happening right now, in the channels your employees actually use.

Frame's Industry News feed surfaces campaigns like this one as they're reported. A security team clicks the article, and Content Studio generates a training module, built around the actual mechanics of the attack and your organization's unique context. It’s ready to launch in under 5 minutes. No waiting on a vendor's content calendar.
See Frame build a simulation around your organization’s environment in under 5 minutes. Schedule a demo today.
TL;DR
- A phishing email with an "Employee Survey" lure led to a Microsoft Teams voice call from an attacker impersonating IT support, flagged by Teams as "External unfamiliar."
- The victim shared their screen, was guided into installing legitimate remote access tools (HopToDesk, AnyDesk), and unknowingly enabled the download of a malicious MSI installer.
- The installer loaded EtherRAT, a cross-platform RAT that uses Ethereum smart contracts to hide its command-and-control infrastructure.
- The only realistic defense is recognizing the specific pattern — an external, unfamiliar caller claiming to be internal IT, before screen access is granted.
- Training built from a static library, updated on a quarterly cycle, will always be a step behind attacks that move this fast. Threat-driven training, built from this week's real campaigns, isn't.


