Threat actors are exploiting Microsoft's Quick Assist tool in Windows through a vishing scam to deliver malware and ransomware, such as Black Basta; Microsoft issued a warning and advised on blocking/uninstalling Quick Assist and RMM tools, while enhancing transparency in Quick Assist, following the modus operandi of attacker group Storm-1811, identified since mid-April, involved in email-bombing attacks and deploying various malware like Qakbot, Cobalt Strike, leading to Black Basta ransomware; recommendations also included training staff on tech support scam awareness and empowering them to report suspicious activities. ```
https://www.scmagazine.com/news/microsofts-quick-assist-used-in-scam-to-drop-black-basta-ransomware