Microsoft Teams is the newest target for hackers as malicious executable files are being dropped under the disguise that they might just be coming from a co-worker. Security provider Avanan, however, says that it is a Trojan.
Microsoft Teams Meetings Now the Target of Hackers to Circulate Malware
According to the story by PCMag, hackers have started to be seen when it comes to attempting to infiltrate Microsoft Teams meetings with the main goal of “circulating malware to unsuspecting users.”
The attacks were reportedly noticed as early as last month by Avanan, an email security provider, which saw malicious executable files being dropped by hackers during in-session Microsoft Teams chats.
How the Hackers Trick Microsoft Teams Users
As per the company’s official warning, thousands of these types of attacks have been seen per month by Avanan. In addition, for hackers to do this, PCMag says that they are most likely using a compromised email belonging to an employee.
With the compromised email, the hackers can access Microsoft Teams meetings within their company. With that, Microsoft 365 credentials can also be stolen, as per Avanan.
Millions of Users Targeted by Malware Attack on Microsoft Teams
Once the hackers can infiltrate the meeting, they will then casually drop a file pretending that it is part of a legitimate program known as “User Centric,” and once users click install, their unit will then be infected by a Trojan program dropping “malicious DLL files” which ultimately gives remote hijacking access to the hacker.
Avanan stated that through this Microsoft Teams attack, hackers had found a way for them to be able to target millions of users easily. The Avanan also ran a demo showing the malware on the Windows 7 setup.
No Confirmation Yet if Windows 10 and Windows 11 Users are Compromised
As of the moment, it remains unclear as to whether the attack is capable of working on Windows 10 or Windows 11. Avanan then added that many people who download the malicious files think that they come from a co-worker and not a hacker.
As per the company, although there are employees that were “trained to second-guess identities in email,” there are still a number of users that know how to ensure that both the name and photo that can be seen on a Teams conversation remains real.
Microsoft Teams Microsoft 365 ‘Built-in Antivirus Detection’
PCMag noted that no immediate response was given for Microsoft when a comment was requested, but as per the company support document, Microsoft Teams already has its own built-in antivirus detection through the help of Microsoft 365.
Despite the built-in antivirus protection, the company still claims that scanning is limited. In addition, the report by Avan comes just a day after the FBI said that scammers are now targeting video-conferencing platforms trying to dupe companies into sending money.