Security News > 2024 > January > Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.
The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.
This phishing attack is possible because Microsoft allows external Microsoft Teams users to message other tenants' users by default.
DarkGate operators capitalize on this by pushing their malware through Microsoft Teams in attacks targeting organizations where admins haven't secured their tenants by disabling the External Access setting.
Similar campaigns were observed last year pushing DarkGate malware via compromised external Office 365 accounts and Skype accounts that sent messages containing VBA loader script attachments.
Initial access brokers like Storm-0324 have also used Microsoft Teams for phishing to breach corporate networks with the help of a publicly available tool called TeamsPhisher that exploits a security issue in Microsoft Teams.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (source)
- New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (source)
- Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- GitHub comments abused to push malware via Microsoft repo URLs (source)
- Millions of Docker repos found pushing malware, phishing sites (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)