Hackers have infiltrating Microsoft Teams meetings with the goal of circulating malware to unsuspecting users.
Its been noted that the attacks, involves hackers dropping malicious executable files on Microsoft Teams through in-session chats as per the published report by Avanon.
The hackers are likely infiltrating Microsoft Teams after first compromising an email account belonging to an employee. The email account can then be used to access Teams meetings at their company.
Hackers could also be stealing login credentials for Microsoft 365 which bundles Microsoft Teams through email phishing campaigns. Hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.
Hackers will drop a malicious executable file that pretends to be a legitimate program called “User Centric.” If a user installs it, the Trojan program will drop malicious DLL files on the PC, which can allow the hacker to remotely hijack the system. By this their exist a possibility of affecting millions of devices.
Microsoft didn’t immediately respond to a request for comment. A support document says Microsoft Teams does have a built-in antivirus detection through Microsoft 365, the scanning was still limited, and slow to identify attacks in real-time.
As Teams usage continues to increase, Avanan expects a significant increase in these sorts of attacks. Microsoft itself recently reported the Teams product now has over 270 million monthly active users.