Security News > 2024 > January > Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.
The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.
This phishing attack is possible because Microsoft allows external Microsoft Teams users to message other tenants' users by default.
DarkGate operators capitalize on this by pushing their malware through Microsoft Teams in attacks targeting organizations where admins haven't secured their tenants by disabling the External Access setting.
Similar campaigns were observed last year pushing DarkGate malware via compromised external Office 365 accounts and Skype accounts that sent messages containing VBA loader script attachments.
Initial access brokers like Storm-0324 have also used Microsoft Teams for phishing to breach corporate networks with the help of a publicly available tool called TeamsPhisher that exploits a security issue in Microsoft Teams.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)