
Hackers are sending malware through seemingly innocent Microsoft Teams messages

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called “DarkGate Loader” has been uncovered that targets Microsoft Teams. It can be recognized by a message containing a link that reads “changes to the vacation schedule.” Clicking this link and opening the corresponding .ZIP files can expose you to the malware they carry.

[Image: Microsoft Teams message showing DarkGate Loader malware. Credit: Truesec Research]

The research team Truesec has been observing DarkGate Loader since late August and notes that the hackers use an intricate downloading process that makes the file difficult to identify as malicious.

Hackers were able to use compromised Office 365 accounts to send the malware-infected message with the “changes to the vacation schedule” link through Microsoft Teams. Truesec found the accounts that were taken over by the hackers to send the DarkGate Loader malware. These include “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co).

The malware comprises an infected VBScript hidden within an LNK (a Windows shortcut). The research team notes that the attack is crafty because of its SharePoint URL, which makes it hard for users to realize it’s a malicious file. The use of a precompiled Windows cURL script also makes the code harder to identify, because the malicious code is hidden in the middle of the file.

The script checks whether the user has the antivirus Sophos installed. If not, the malware injects additional code, using a technique called “stacked strings,” which opens shellcode that creates a DarkGate executable loaded into system memory, the team added.
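An added defensive example, not from the article or from Truesec: a small Python parser for the StringData section of a Windows shortcut that flags .lnk files whose target or arguments invoke a script host or downloader, the kind of shortcut-wrapped VBScript launch described above. The header offsets and flag bits follow the public MS-SHLLINK specification; the sample shortcut is constructed inside the block, and the marker list is an assumption you would tune for your environment.

```python
import struct

# LinkFlags bits from the MS-SHLLINK specification (offset 0x14 of the 0x4C-byte header)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Assumed markers: script hosts and downloaders a shortcut received in a chat should not launch
SUSPICIOUS = ("wscript", "cscript", "powershell", "mshta", "curl", "cmd", ".vbs")


def lnk_strings(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon) of a .lnk."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00":
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDList: u16 size followed by the list body
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfo: u32 size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    out = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon")):
        if flags & flag:                          # each string: u16 char count, then the chars
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            if flags & IS_UNICODE:
                out[name] = data[pos:pos + 2 * count].decode("utf-16-le")
                pos += 2 * count
            else:                                 # ANSI strings use the system code page; latin-1 approximates
                out[name] = data[pos:pos + count].decode("latin-1")
                pos += count
    return out


def is_suspicious_lnk(data: bytes) -> bool:
    """True when the shortcut's target path or arguments mention a script host or downloader."""
    s = lnk_strings(data)
    text = (s.get("relative_path", "") + " " + s.get("arguments", "")).lower()
    return any(marker in text for marker in SUSPICIOUS)


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed minimal shortcut (header plus two Unicode strings) for testing; not a real sample."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = b"\x4c\x00\x00\x00" + bytes(16) + struct.pack("<I", flags) + bytes(0x4C - 24)
    enc = lambda v: struct.pack("<H", len(v)) + v.encode("utf-16-le")
    return header + enc(relative_path) + enc(arguments)
```

Run `is_suspicious_lnk` over every .lnk extracted from an inbound archive before it reaches a user; a shortcut whose arguments hand a .vbs to wscript.exe is the pattern worth quarantining.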

DarkGate Loader isn’t the only phishing scam that has been plaguing Microsoft Teams this summer. A group of Russian hackers called Midnight Blizzard used a social engineering exploit to attack approximately 40 organizations in August. The hackers used already compromised Microsoft 365 accounts owned by small businesses and posed as technical support in order to carry out the attacks. Microsoft has since addressed the issue, according to Windows Central.

Last fall, one common trend was business email compromise (BEC) campaigns: phishing scams in which a malicious actor, posing as a company boss, sends an email that looks like a forwarded email chain, with instructions for an employee to send money.

Another infamous exploit was the Windows zero-day vulnerability Follina. Researchers discovered it in the spring of last year and determined that it gave hackers access to the Microsoft Support Diagnostic Tool, which is commonly associated with Microsoft Office and Microsoft Word.

Fionna Agomuoh