Hackers circulate malware to innocent users by hacking into Microsoft Teams Meetings. According to Avanan, an email security provider last month discovered hackers dropping malicious executable files on Microsoft Teams through in-session chats.
In a blog post the security firm recently acquired by Check Point Software said, “Starting in January 2022, Avanan observed how hackers are dropping malicious executable files in Teams conversations. The file writes data to the Windows registry, installs DLL files, and creates shortcut links that allow the program to self-administer. Avanan has seen thousands of these attacks per month. In this attack brief, Avanan will analyze how these .exe files are being used by hackers in Microsoft Teams. “
The hackers first compromised an email account belonging to an employee to hack into Microsoft Teams. The compromised email account is then used to access Teams meetings at their company.
The hackers are also known to steal login credentials for Microsoft 365 that’s bundled with Microsoft Teams via email phishing campaigns.
The researchers at Avanan said, “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams,” Hackers drop a malicious executable file that pretends to be a legitimate program called “User-Centric” once inside the meeting. When the victim installs it unknowingly the trojan drops malicious DLL files on the PC, enabling the adversaries to remotely hijack the system.
Avanan further added, “By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,”. It also showcased a demo of the malware, though it ran on a Windows 7 setup and it’s not clear if the attack works on Windows 10 or Windows 11 PCs.
Avanan added, “Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real.”
Microsoft did not comment on this issue, though the company support documents say Microsoft Teams has a built-in antivirus detection through Microsoft 365, while according to Avanan its scanning capabilities are still limited.
The researchers at Avanan said, “As Team usage continues to increase, Avanan expects a significant increase in these sorts of attacks.” Currently, Microsoft Teams has over 270 million monthly active users.
CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
New Marlin Backdoor used by Iranian Hackers Using in ‘Out to Sea’ Espionage Campaign
Russian Hackers Used COVID-19 Lures to Target European Diplomats