IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers caught dropping malware into Microsoft Teams chats

The self-administering files can take complete control of a user's system after a single click

The Microsoft Teams logo displayed on a smartphone in front of a screen of red and blue computer code

Microsoft Teams users have been told to be on alert after hackers were spotted slipping malicious .exe executable files into conversations on the app.

The files in question are capable of self-administration and can write data to the Windows registry, install DLL programs, and create shortcut links, according to Check Point firm Avanan.

Hackers are likely to be using email spoofing to first gain access to Teams, before attaching malicious .exe files labelled "User Centric" to conversations, according to the researchers.

Upon clicking, the file will automatically take control of the user’s computer.

Avanan cyber security researcher and analyst Jeremy Fuchs said hackers “can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite".

After gaining access to Teams, circumventing any existing security measures is remarkably easy, Fuchs noted. Teams' default protections are lacking, with limited scans for malicious files and links. Most email security solutions do not provide robust protection for Teams, adding to the problem.

Teams is particularly vulnerable given that end users implicitly, and freely share sensitive information through the service.

Related Resource

Minimising downtime risk with resilient edge computing

Add value with on-premise edge computing

Whitepaper cover with green copy showing title and Schneider Electric logoFree Download

“Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. Further, nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies,” explained Fuchs.

Several steps can be taken to mitigate the attack potential, including installing a sandbox that downloads and inspects all for malicious content, implementing multiple layers of security across all forms of communication, including Teams, and encouraging end users to flag suspicious files.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022
Microsoft warns of new botnet variant targeting Windows and Linux systems
Security

Microsoft warns of new botnet variant targeting Windows and Linux systems

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

11 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022