Cybercriminals are reportedly using Microsoft Teams, a popular video conferencing platform, for a new type of malware attack. According to AT&T Cybersecurity Research, hackers are exploiting Microsoft Teams’ group chat requests to deliver malicious attachments, encouraging recipients to install DarkGate malware payloads on their systems. Researchers claim that attackers may use compromised Teams user accounts or domains to send over 1,000 phishing group chat requests.
Once the malware infects a victim’s system, it establishes contact with a command-and-control server. The hackers allegedly conducted a phishing campaign on Microsoft Teams, taking advantage of the platform’s default permission that allows users to send messages to each other. Palo Alto Networks identified the server used in these attacks as part of the DarkGate malware.
Security engineer Peter Boyle from AT&T Cybersecurity cautioned, “If not necessary for your daily work, it’s better to turn off external access in Microsoft Teams, as email is usually more secure and monitored. As always, employees should be taught to pay attention to the source of incoming messages and remember that phishing can occur not only through email but in various forms.”
Microsoft, with over 280 million monthly active users on its video calling service Teams, is a lucrative target for cybercriminals. DarkGate criminals appear to be targeting companies that haven’t disabled external access in Teams, attempting to infiltrate their internal networks.