Cybercriminals are targeting Microsoft Teams users with the goal of executing Trojans on their machines.
Researchers at Avanan started tracking the campaign in January. Malicious documents are dropped into Teams conversations and, when clicked on, will take over a user’s computer. A report from the company states that criminals are using an executable file to install DLL files and allow the program to take over. By using an attached file, it’s easy for hackers to target millions of people.
Cyberattacks utilizing Microsoft Office 365 are extremely common. Teams is now becoming an increasingly popular vector for attacks, potentially due to businesses relying on the platform over the course of the pandemic. With the increase of remote work, Team’s nearly doubled their daily active users from 2020 to 2021.
The current campaign shows that cybercriminals have created a more sophisticated plan of attack, which is likely to increase over time. If hackers manage to successfully gain access to an account, whether through phishing or other means, they can compromise a partner organization or steal Microsoft 365 information. When they have access to Teams, it’s easy to bypass security protections, due to Team’s default settings being limited.
Microsoft Teams is also a trusted interface, sometimes to its detriment, due to individuals sharing personal and sensitive information over the platform. This includes medical information, personally identifiable information, amongst other things.
Users on the platform can collaborate with other departments and companies, leaving little questioning or verification when a request is sent over. In this case, while Microsoft’s brand name gives the app a level of implicit trust, it appears that the security level may not match people’s impressions.
The specific Trojan file criminals are using in this campaign is called “User Centric,” a .exe file that may appear to be from a trusted individual. Overall, it’s wise to double check anything with the particular person you’re receiving an attachment from before clicking on a link.
Sign up to our mailing list to receive more IT related educational information: