Security researchers at the Check Point company Avanan warn that cybercriminals are hacking Microsoft Teams accounts and dropping malicious executable files into conversations in order to infect participants' devices with malware.
The attacks began in January 2022. Microsoft Teams detected thousands of attacks that month, mostly at organizations, particularly media outlets, in the Great Lakes region of the U.S.
Hackers drop a malicious Trojan document into the chat thread. A user can easily pretend to be an organization's CEO, CFO, or IT help desk on Microsoft Teams. If a participant clicks on the document, the Trojan will run.
After it is executed, the malware writes data into the system registry and establishes persistence on the Windows device. The malware collects detailed information about the operating system, the hardware it runs on, the OS version, and the patches installed. This tells cybercriminals the security state of the device.
It is still unknown how cybercriminals are getting access to Teams accounts, but experts believe they may be using phishing scams or compromising a partner organization to steal email or Microsoft 365 credentials.
Researchers at Avanan say the attack is efficient because "many users trust files received over Teams." The organization's analysis of data from hospitals found that doctors are sharing medical information over Microsoft Teams without restriction.
Although users have been trained to be cautious of links and documents in email, they show no similar caution concerning files received through Teams. Many users approve requests because they are less familiar with Teams, researchers say.
In addition, according to the researchers, Teams lacks default protections, with only limited scanning for malicious links and files. Many email security solutions also fail to properly address Teams security.
Avanan recommends implementing cybersecurity software that downloads all files in a sandbox and inspects them for malware; securing all lines of business communications, including Teams; and encouraging users to ask IT about unfamiliar files.
Ionut Ilascu, "Hackers slip into Microsoft Teams chats to distribute malware," www.bleepingcomputer.com (Feb. 17, 2022).