Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.
The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.
This phishing attack is possible because Microsoft allows external Microsoft Teams users to message other tenants' users by default.
DarkGate operators capitalize on this by pushing their malware through Microsoft Teams in attacks targeting organizations where admins haven't secured their tenants by disabling the External Access setting.
Similar campaigns were observed last year pushing DarkGate malware via compromised external Office 365 accounts and Skype accounts that sent messages containing VBA loader script attachments.
Initial access brokers like Storm-0324 have also used Microsoft Teams for phishing to breach corporate networks with the help of a publicly available tool called TeamsPhisher that exploits a security issue in Microsoft Teams.
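For admins checking whether their tenant still has the default External Access setting described above, the following PowerShell audit is an added example, not part of the original article. It assumes the MicrosoftTeams module is installed and a session is open via `Connect-MicrosoftTeams`; the function name `Test-TeamsExternalAccess` and its `-Remediate` switch are hypothetical names chosen for this example.

```powershell
# Added example: report the tenant's Teams External Access state and,
# on request, turn off chat with external Teams tenants.
# Prerequisite: Install-Module MicrosoftTeams; Connect-MicrosoftTeams (Teams admin role).

function Test-TeamsExternalAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical switch for this example: apply the fix after reporting.
        [switch]$Remediate
    )

    # Tenant-wide federation settings (the "External access" page in the admin center).
    $cfg = Get-CsTenantFederationConfiguration

    $report = [pscustomobject]@{
        AllowFederatedUsers       = $cfg.AllowFederatedUsers        # other Teams tenants
        AllowedDomains            = "$($cfg.AllowedDomains)"        # allow list, if any
        AllowTeamsConsumer        = $cfg.AllowTeamsConsumer         # unmanaged Teams accounts
        AllowTeamsConsumerInbound = $cfg.AllowTeamsConsumerInbound  # they can start the chat
        ExternalChatPossible      = [bool]($cfg.AllowFederatedUsers -or
                                           $cfg.AllowTeamsConsumerInbound)
    }

    if ($report.ExternalChatPossible) {
        Write-Warning 'External users can send chat requests to users in this tenant.'
    }

    if ($Remediate -and $cfg.AllowFederatedUsers) {
        # -WhatIf / -Confirm are honoured because of SupportsShouldProcess.
        if ($PSCmdlet.ShouldProcess('Tenant federation configuration',
                                    'Set AllowFederatedUsers to $false')) {
            Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
            $report.AllowFederatedUsers = $false
            $report.ExternalChatPossible = [bool]$cfg.AllowTeamsConsumerInbound
        }
    }

    return $report
}

# Report only:
Test-TeamsExternalAccess | Format-List

# Preview the change without applying it:
# Test-TeamsExternalAccess -Remediate -WhatIf
```

Tenants that need external collaboration with specific partners can keep `AllowFederatedUsers` enabled and restrict `AllowedDomains` to an allow list instead of disabling External Access outright.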