Microsoft Teams users have been told to be on alert after hackers were spotted slipping malicious .exe executable files into conversations on the app.
The files in question are capable of self-administration and can write data to the Windows registry, install DLL programs, and create shortcut links, according to Check Point firm Avanan.
Hackers are likely to be using email spoofing to first gain access to Teams, before attaching malicious .exe files labelled "User Centric" to conversations, according to the researchers.
Upon clicking, the file will automatically take control of the user’s computer.
Avanan cyber security researcher and analyst Jeremy Fuchs said hackers “can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite".
After gaining access to Teams, circumventing any existing security measures is remarkably easy, Fuchs noted. Teams' default protections are lacking, with limited scans for malicious files and links. Most email security solutions do not provide robust protection for Teams, adding to the problem.
Teams is particularly vulnerable given that end users implicitly, and freely share sensitive information through the service.
Minimising downtime risk with resilient edge computing
Add value with on-premise edge computing
“Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. Further, nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies,” explained Fuchs.
Several steps can be taken to mitigate the attack potential, including installing a sandbox that downloads and inspects all for malicious content, implementing multiple layers of security across all forms of communication, including Teams, and encouraging end users to flag suspicious files.
