Posted on February 19, 2022 at 1:56 PM
A recent report has revealed that threat actors are turning their attention to Microsoft Teams Meetings as a channel to distribute malware.
Email security provider Avanan stated that the hackers are planting malicious executable files in Teams meetings that look as if they were sent by a co-worker. In reality, the file contains a Trojan. Avanan stated that its security researchers noticed the attack last month, and the attack is still ongoing.
The email security firm warned that it saw thousands of such attacks last month, and the rate is likely to increase if nothing is done to prevent it. The attacks could affect thousands of people who regularly use the Microsoft Teams meeting software to share files and conduct in-chat sessions regarding their work.
Hackers Are Utilizing Compromised Email
Avanan also provided details on how the attackers were able to gain access to the Microsoft Teams Meetings.
The security team stated that the threat actors are most likely using compromised email accounts of employees for their attack.
From compromised email accounts, the hackers can gain access to Microsoft Teams meetings within the company. As a result, the employee’s Microsoft 365 credentials can also be stolen and then used to access the in-chat session. This makes the attack difficult to detect and stop, because the moderator and other employees may not notice any issue.
After the attacker gains access to the meeting, they can drop the file casually and pretend that it is part of a genuine program known as “User-Centric.” Users’ systems can be infected once they click and install the file. This drops “malicious DLL files” into the user’s system, allowing the threat actor to remotely hijack the device.
Millions Of Users At Risk
Millions of workers use the Microsoft Teams meeting app to organize chat sessions. This means that many will be at risk of being infected if the activities of the threat actors continue. To explain how the hackers can infiltrate the sessions and distribute malware, Avanan ran a demo showing the malware on a Windows 7 setup.
It’s not certain yet whether Windows 10 and Windows 11 users are affected by the attack. Avanan added that many people who unknowingly downloaded the malicious files believe that their systems were infected through files sent by their co-workers, without realizing that a hacker is responsible for the attack.
While some employees are “trained to second-guess identities in email,” many users can still make sure that the name and photo that appear on the screen of the Teams chat are real.
Avanan says it expects an increase in the number of attacks as Teams usage continues to increase. In a recent report, Microsoft revealed that the Teams product now has more than 270 million monthly active users.
Microsoft Has A Built-In Antivirus Detection
The Microsoft security team had not responded on the issue at the time of writing. However, according to the tech giant’s support document, Microsoft 365 already provides a built-in antivirus detection system that can help users of the app. But the antivirus support does not guarantee maximum protection against the attack, according to Avanan.
The company admitted that the scanning feature is not enough to spot and prevent hackers from infiltrating the system.
The malware is believed to affect only Microsoft Teams users, but it’s unclear whether more people will be targeted or whether the malware will be updated to expand its targets.
The FBI Warns Against Attacks Targeting Video Conferencing Sites
The latest development comes barely 24 hours after the FBI warned that threat actors are now targeting video-conferencing platforms to deceive victims into sending money.
According to the agency, there has been an increase in the use of virtual meeting platforms to trick companies into sending payments to the wrong accounts. This is part of a more common type of attack known as a business email compromise (BEC) scam.
This shows that threat actors are now showing increased interest in conferencing groups as a medium to launch attacks on unsuspecting victims. The method is usually largely successful because there is no way to use security software to stop the attack, since the messages are assumed to be sent by co-workers or fellow employees.