Security News > 2024 > January > Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.
The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.
This phishing attack is possible because Microsoft allows external Microsoft Teams users to message other tenants' users by default.
DarkGate operators capitalize on this by pushing their malware through Microsoft Teams in attacks targeting organizations where admins haven't secured their tenants by disabling the External Access setting.
Similar campaigns were observed last year pushing DarkGate malware via compromised external Office 365 accounts and Skype accounts that sent messages containing VBA loader script attachments.
Initial access brokers like Storm-0324 have also used Microsoft Teams for phishing to breach corporate networks with the help of a publicly available tool called TeamsPhisher that exploits a security issue in Microsoft Teams.
News URL
Related news
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams (source)
- Ongoing Phishing and Malware Campaigns in December 2024 (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)