Description
Researchers have discovered that some attackers are exploiting Microsoft Teams accounts. Their aim is to get into chats and send malicious executable files to other users.
Microsoft Teams has over 270 million monthly users, many of whom place their trust in the program and do not expect to be targeted by threat actors.
Summary
Researchers confirmed that these attacks began in January. The attacker inserts an executable file called “User Centric” into a chat to deceive users into running it.
Once the malicious file has been executed, it inserts data into the system registry, as well as dynamic link library files (a DLL is a library that contains code and data that can be used by more than one program at the same time), and maintains persistence on the Windows system.
How does it work?
The method used to access the Teams accounts is unclear; however, the threat actors are suspected of using email phishing to steal Microsoft 365 users' credentials.
Hackers launched the attack with a malicious trojan document attached to a chat thread in Microsoft Teams. Once a user clicks on it, the attacker eventually takes control of the user's machine.
According to an automated analysis of the malware, the malicious file can establish persistence via Windows Registry Run keys or by adding an item to the startup folder.
It also gathers detailed information about the operating system and hardware it runs on, as well as the machine's security state, based on the operating system version and the updates that were applied.
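The two autorun locations named above, Registry Run keys and the startup folder, can be audited on a Windows host. The PowerShell below is an added example, not part of the original advisory; the list of user-writable paths it treats as suspicious and the helper name Get-TargetPath are assumptions.

```powershell
# Added example: audit Run/RunOnce keys and Startup folders for autorun entries.
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
# Assumption: autoruns launched from these user-writable locations deserve review.
$suspectRoots = $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads", $env:PUBLIC

function Get-TargetPath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|lnk))(\s|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File | Where-Object Name -ne 'desktop.ini' | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = "`"$($_.FullName)`"" }
    }
})

$entries | ForEach-Object {
    $path = Get-TargetPath $_.Command
    $userWritable = [bool]($suspectRoots | Where-Object { $_ -and $path -like "$_\*" })
    # Shortcuts and scripts are usually unsigned, so they land in the review set.
    $sig = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        [string]((Get-AuthenticodeSignature -LiteralPath $path).Status)
    } else { 'FileNotFound' }
    [pscustomobject]@{
        Source = $_.Source; Name = $_.Name; Target = $path
        UserWritablePath = $userWritable; Signature = $sig
        Review = ($userWritable -or $sig -ne 'Valid')
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with Review set to True are candidates for a closer look, not confirmed malware; legitimate per-user software also starts from these locations.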
Remediation
To protect against this type of malware, users are advised to follow the steps below:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.