Security News > 2020 > November > Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware.
In the advisory, Microsoft said it's seen attackers in the latest FakeUpdates campaign using search-engine ads to push top results for Teams software to a domain that they control and use for nefarious activity, according to the report.
The link also installs a valid copy of Microsoft Teams on the system to appear legitimate and avoid alerting victims to the attack.
In addition to the FakeUpdates campaigns that use Microsoft Teams lures, the tech giant also has seen similar attack patterns in at least six other campaigns with variations of the same theme, suggesting a broader attack by the same threat actors, according to the report.
Microsoft offered a number of mitigation techniques for the latest wave of FakeUpdates attacks.
News URL
https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)