Security News > 2020 > November > Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware.
In the advisory, Microsoft said it's seen attackers in the latest FakeUpdates campaign using search-engine ads to push top results for Teams software to a domain that they control and use for nefarious activity, according to the report.
The link also installs a valid copy of Microsoft Teams on the system to appear legitimate and avoid alerting victims to the attack.
In addition to the FakeUpdates campaigns that use Microsoft Teams lures, the tech giant also has seen similar attack patterns in at least six other campaigns with variations of the same theme, suggesting a broader attack by the same threat actors, according to the report.
Microsoft offered a number of mitigation techniques for the latest wave of FakeUpdates attacks.
News URL
https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/
Related news
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)