IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers caught dropping malware into Microsoft Teams chats

The self-administering files can take complete control of a user's system after a single click

The Microsoft Teams logo displayed on a smartphone in front of a screen of red and blue computer code

Microsoft Teams users have been told to be on alert after hackers were spotted slipping malicious .exe executable files into conversations on the app.

The files in question are capable of self-administration and can write data to the Windows registry, install DLL programs, and create shortcut links, according to Check Point firm Avanan.

Hackers are likely to be using email spoofing to first gain access to Teams, before attaching malicious .exe files labelled "User Centric" to conversations, according to the researchers.

Upon clicking, the file will automatically take control of the user’s computer.

Avanan cyber security researcher and analyst Jeremy Fuchs said hackers “can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite".

After gaining access to Teams, circumventing any existing security measures is remarkably easy, Fuchs noted. Teams' default protections are lacking, with limited scans for malicious files and links. Most email security solutions do not provide robust protection for Teams, adding to the problem.

Teams is particularly vulnerable given that end users implicitly, and freely share sensitive information through the service.

Related Resource

Minimising downtime risk with resilient edge computing

Add value with on-premise edge computing

Whitepaper cover with green copy showing title and Schneider Electric logoFree Download

“Medical staff generally know the security rules and risk of sharing information via email, but ignore those when it comes to Teams. Further, nearly every user can invite people from other departments and there is often minimal oversight when invitations are sent or received from other companies,” explained Fuchs.

Several steps can be taken to mitigate the attack potential, including installing a sandbox that downloads and inspects all for malicious content, implementing multiple layers of security across all forms of communication, including Teams, and encouraging end users to flag suspicious files.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Business strategy

IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated

17 Jun 2022
Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive
ransomware

Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive

17 Jun 2022
Microsoft silent patches called “a grossly irresponsible policy”
cyber security

Microsoft silent patches called “a grossly irresponsible policy”

15 Jun 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022