Hackers Circulate Malware by Breaking Into Microsoft Teams Meetings

pcmag.com:

Hackers have been spotted infiltrating Microsoft Teams meetings with the goal of circulating malware to unsuspecting users. 

Last month, email security provider Avanan noticed the attacks, which involve hackers dropping malicious executable files on Microsoft Teams through in-session chats. “Avanan has seen thousands of these attacks per month,” the company warned in a Thursday report.

The hackers are likely infiltrating Microsoft Teams after first compromising an email account belonging to an employee. The email account can then be used to access Teams meetings at their company. 

Hackers could also be stealing login credentials for Microsoft 365—which bundles Microsoft Teams—through email phishing campaigns. “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams,” said Avanan, which was recently acquired by security firm Check Point Software.

Once inside a meeting, hackers will drop a malicious executable file that pretends to be a legitimate program called “User Centric." If a user installs it, the Trojan program will drop malicious DLL files on the PC, which can allow the hacker to remotely hijack the system. 

"By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,” Avanan said. The company also showed a demo of the malware, but it ran on a Windows 7 setup; it's unclear if the attack works on Windows 10 or Windows 11 PCs.

The malware exploits the trust people have in Microsoft Teams, Avanan said; people think the link is coming from a co-worker, not a hacker. “Most employees have been trained to second-guess identities in email, but few know how to