Security News > 2020 > November > Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware.
In the advisory, Microsoft said it's seen attackers in the latest FakeUpdates campaign using search-engine ads to push top results for Teams software to a domain that they control and use for nefarious activity, according to the report.
The link also installs a valid copy of Microsoft Teams on the system to appear legitimate and avoid alerting victims to the attack.
In addition to the FakeUpdates campaigns that use Microsoft Teams lures, the tech giant also has seen similar attack patterns in at least six other campaigns with variations of the same theme, suggesting a broader attack by the same threat actors, according to the report.
Microsoft offered a number of mitigation techniques for the latest wave of FakeUpdates attacks.
News URL
https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/
Related news
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)