Hackers break into chats on Microsoft Teams to spread malware
International security researchers have warned about a relatively new form of attack on the Microsoft Teams enterprise communication platform. The attacker first tries to break into the target's Microsoft Teams account, then accesses its chats and distributes a malicious executable file to the participants in those chats.
More than 270 million people interact on Microsoft Teams every month, across millions of organizations and businesses around the world. Most of them completely trust this application, but Microsoft Teams currently has no effective measure against malicious files spreading on the platform.
Simple but effective form of malware distribution
Researchers at Avanan, a security company that focuses on cloud email and collaboration platforms, were the first to detect this form of malware distribution targeting Microsoft Teams users.
The attacks appear to have begun in January. In them, attackers drop an executable file named 'User Centric' into a chat they have broken into, to trick other members into launching it.
After the program is executed, the malware writes data to the system registry, then installs DLL files and establishes persistence on the infected Windows computer.
The method used by the attackers to gain access to the victim's Teams account is still unclear. Some possibilities include stealing email or Microsoft 365 credentials through phishing, or breaching a partner organization.
Analysis of malware distributed in this way shows that the trojan can establish persistence on the target system through Windows Registry Run keys, or by creating an entry in the startup directory.
At the same time, the malware also collects detailed information about the operating system and the hardware it runs on, along with the security status of the machine based on the operating system version and installed patches.
Although the overall attack process is quite simple, it is highly effective because many Microsoft Teams users completely trust the files that their colleagues share, researchers at Avanan said.
The company analyzed data from several hospitals that use Teams, and found that doctors often use the platform to share medical information without restriction. In addition, impersonation on Microsoft Teams is also a big problem.
Researchers say the problem is exacerbated by 'the fact that Microsoft Teams is lacking default protections, as scanning for malicious links and files is limited' and 'multiple email security solutions do not provide strong protection for Teams'.
To defend against such attacks, Avanan recommends the following:
- Implement measures to scan downloads to detect malicious content early
- Deploy comprehensive, powerful security for the system
- Encourage end users to contact IT when suspicious files are distributed on the system
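The persistence behaviour reported in the analysis above (Registry Run keys or a startup directory entry) can be checked for in endpoint telemetry. The following is an added example, not code from Avanan or from the original article: it assumes simplified event records modelled on Sysmon event IDs 13 (registry value set) and 11 (file created), and the field names, the trusted-path list and all sample events are constructed for illustration.

```python
import re

# Well-known Windows autostart locations (matched case-insensitively).
RUN_KEY = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\(WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)\\(?P<name>[^\\]+)$", re.I)
STARTUP_DIR = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\(?P<name>[^\\]+)$", re.I)

# Assumption: installers and updaters running from these roots are expected
# to register autostart entries; tune this list for your environment.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def find_persistence(events):
    """Return alerts for autostart entries created by processes outside TRUSTED_ROOTS."""
    alerts = []
    for ev in events:
        image = ev["image"].lower()
        if image.startswith(TRUSTED_ROOTS):
            continue
        if ev["event_id"] == 13:      # Sysmon: registry value set
            m, kind = RUN_KEY.match(ev["target"]), "run_key"
        elif ev["event_id"] == 11:    # Sysmon: file created
            m, kind = STARTUP_DIR.search(ev["target"]), "startup_folder"
        else:
            continue
        if m:
            alerts.append({"kind": kind, "entry": m.group("name"), "image": ev["image"]})
    return alerts

# Constructed sample events (not taken from the Avanan report).
SAMPLE_EVENTS = [
    {"event_id": 13, "image": r"C:\Users\alice\Downloads\User Centric.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event_id": 11, "image": r"C:\Users\alice\Downloads\User Centric.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk"},
    {"event_id": 13, "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
    {"event_id": 13, "image": r"C:\Users\alice\Downloads\User Centric.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Example\Settings\Theme"},
]

if __name__ == "__main__":
    for alert in find_persistence(SAMPLE_EVENTS):
        print(alert)
```

An alert here means only that a process running from a user-writable location registered something to start automatically; the entry and the binary that created it still need triage.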