Hackers targeting Microsoft Teams chats with malware

Users are more trusting with Teams than email, cybersecurity firm says

February 22, 2022

Hackers are distributing malware to unsuspecting users of Microsoft’s Teams platform.

The bad actors were found to be placing malicious .exe files, dubbed ‘User Centric,’ in Teams chats. If installed, the Trojan places DLL files on the user’s PC, allowing hackers to remotely take control of the system.

Microsoft is aware of the issue but has yet to comment on it.

Cybersecurity firm Avanan first spotted the attacks in January and suggested that “thousands” have occurred.

“By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,” the company said. MS Teams has 270 million monthly active users, according to Microsoft.

The bad actors gain access to Teams chats by compromising partner organizations and listening in on inter-organizational chats, according to Avanan.

“They can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite.

“Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”

The New York-based firm said users are more trusting when using Teams compared with email.

“Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real,” Avanan said.

“This attack demonstrates that hackers are beginning to understand and better utilize Teams as a potential attack vector. As Teams usage continues to increase, Avanan expects a significant increase in these sorts of attacks.”

Avanan’s Teams warning came just days after the San Francisco 49ers were hit with a ransomware attack. A hacker stole financial data from the NFL outfit and posted it on the dark web.
