Hackers have devised a scary effective method of infecting millions of users in one go. Hackers have started dropping harmful executable files in Microsoft Teams discussions, resulting in new sorts of intrusions. Anyone in the chat room who thereafter opens this file becomes infected with malware.
It’s easy to understand how the attacks may be used to infect a huge number of people at once. Microsoft Teams is a messaging, task, and, of course, critical office file sharing platform that is used by large organizations. Hackers then smuggle a harmful file into these, which can easily fool anyone into downloading and running it, especially given people’s natural faith in official groups.
The attacks on Microsoft Teams chats started in January of this year, and Avanan, a Check Point company that secures such collaborative platforms, has now identified them. The firm said in a study that it has witnessed “thousands” of such attacks, in which hackers attach a harmful Trojan document to a Teams chat thread.
The document is described as a.exe file named “User Centric” in the report. This file is a Trojan which, which upon installation by those who are tricked by it, writes data to the Windows registry. It then installs DLL files on the compromised system and creates shortcut links to self-administer.
Of course, the assaults can only be launched once a hacker has gained access to a Teams chat. According to Avanan, this can be done in a variety of ways. According to the report, hackers can use an inter-organizational chat to gain access to a target organization, or they can use an email address to gain access to Teams. Previous phishing attempts may have provided them with a person’s Microsoft 365 credentials, which can subsequently be used to access Teams or any other Microsoft Office suite service.
With Teams being the go-to solution for businesses and such security flaws, it is quickly becoming a popular target for hackers. Avanan then recommends that companies use full-suite security, which can protect all lines of company communication, including Teams.