Cybercriminals are constantly looking for new ways to spread malware, and the recent DarkGate campaign delivered via Microsoft Teams shows why users need greater security awareness. AT&T researchers discovered a phishing attack that used a Microsoft Teams group chat to deliver malware to victims’ systems, which underlines the importance of handling spam with caution and turning off external access in Teams whenever possible.
Since the collapse of the Qakbot botnet in August, cybercriminals have increasingly relied on DarkGate as a primary method for gaining access to corporate networks. Attackers distribute this malware through phishing and malicious ads; it can bypass Windows Defender and steal browser history and Discord tokens.
Attackers used a compromised .onmicrosoft.com domain to send more than 1,000 malicious invitations to a Teams group chat. They convinced recipients to download a file with a deceptive double extension, which led to the installation of malware that received commands from a command-and-control server.
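The double-extension lure described above can be caught with a filename check at a mail or chat gateway or in a download-folder audit. The following is an added example, not code from the researchers' report; the extension lists, function names and sample filenames are assumptions constructed for illustration, and the check also covers whitespace padding between the two extensions.

```python
import re

# Extensions Windows will execute or pass to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "msi", "bat", "cmd", "ps1",
                   "vbs", "js", "jse", "wsf", "hta", "lnk"}
# Extensions users tend to read as harmless documents or media (assumed).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
              "rtf", "csv", "jpg", "jpeg", "png", "gif", "zip"}


def double_extension_reason(filename):
    """Return a reason string if the name looks like a double-extension lure, else None."""
    # Keep only the final path component; a sender may include folder names.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows drops trailing dots and spaces when the file is created.
    name = name.rstrip(". ").lower()
    # Split on dots, tolerating whitespace padding around each part.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return None  # no extension or a single extension
    real_ext, shown_ext = parts[-1], parts[-2]
    if real_ext not in EXECUTABLE_EXTS or shown_ext not in DECOY_EXTS:
        return None  # e.g. "v1.2.exe" or "archive.tar.gz"
    # Long whitespace runs push the real extension out of view in narrow UI columns.
    padded = re.search(r"\s{3,}\.[^.]*$", name) is not None
    kind = "padded double extension" if padded else "double extension"
    return f"{kind}: shown .{shown_ext}, real .{real_ext}"


def scan(filenames):
    """Map each suspicious filename to the reason it was flagged."""
    hits = {}
    for f in filenames:
        reason = double_extension_reason(f)
        if reason:
            hits[f] = reason
    return hits


# Constructed sample attachment names, not taken from the campaign.
SAMPLES = ["Q3 plan.pdf.msi", "invoice.pdf          .exe", "holiday.jpg.scr. ",
           "report.final.docx", "v1.2.exe", "archive.tar.gz", "setup.exe"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLES).items():
        print(f"{name!r}: {reason}")
```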
Recommendations for users
To protect against such attacks, users should be wary of unsolicited messages asking them to download files and consider disabling external access in Microsoft Teams if it is not necessary for day-to-day work. These measures can help avoid the hassles associated with cyberattacks and ensure the safe use of corporate networks.