Skip to main content
  1. Home
  2. Computing
  3. News

Hackers are sending malware through seemingly innocent Microsoft Teams messages

By

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called “DarkGate Loader” has been uncovered that targets Microsoft Teams. It can be identified with a message and a link that reads “changes to the vacation schedule.” Clicking this link and accessing the corresponding .ZIP files can leave you vulnerable to the malware that is attached.

Microsoft Team message showing DarkGate Loader malware.
Truesec Research

The research team Truesec has been observing DarkGate Loader since late August and notes that hackers have utilized an intricate downloading process that makes it so the file is difficult to identify as nefarious.

Recommended Videos

Hackers were able to use compromised Office 365 accounts to send the malware-infected message with the “changes to the vacation schedule” link through Microsoft Teams. Truesec found the accounts that were taken over by the hackers to send the DarkGate Loader malware. These include “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co).

Please enable Javascript to view this content

The malware comprises an infected VBScript hidden within an LNK (a Windows shortcut). The research team notes that the attack is crafty due to its SharePoint URL, which makes it hard for users to realize it’s a challenged file. The precompiled Windows cURL script type also makes the code harder to identify because the code is hidden in the middle of the file.

The script is able to pinpoint if the user has the antivirus Sophos installed. If not, the malware can inject additional code, in an attack called “stacked strings,” which opens a shellcode that creates a DarkGate executable that loads into the system memory, the team added.

DarkGate Loader isn’t the only phishing scam that has been plaguing Microsoft Teams this summer. A group of Russian hackers called Midnight Blizzard were able to use a social engineering exploit to attack approximately 40 organizations in August. The hackers used Microsoft 365 accounts owned by small businesses that had already been challenged and pretended to be technical support in order to execute attacks. Microsoft has since addressed the issue, according to Windows Central.

Last fall, one common trend was business email compromise (BEC) campaigns, which are phishing scams where a nefarious actor, disguised as a company boss, sends an email that looks like a forwarded email chain, with instructions to an employee to send money.

Another infamous exploit was the Windows zero-day vulnerability Follina. Researchers discovered it in the spring of last year and determined it allowed hackers access to the Microsoft Support Diagnostic Tool that is commonly associated with Microsoft Office and Microsoft Word.

Editors’ Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Hackers are using this incredibly sneaky trick to hide malware
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass -- or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

Read more
Double-check that job posting — hackers are spreading malware through them
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

A new phishing scam has surfaced that is showing how sophisticated bad actors are becoming in tricking unsuspecting victims into giving up their personal information.

The latest cyberattack is centered around the job listing website, Indeed. Hackers send out an email spoofing an employment opportunity from the website. Once you click the link, it will send you to a Microsoft 365 login page to enter your credentials. From here you're not suspecting anything unscrupulous, but the next time you attempt to log into your Microsoft 365 account, you will find that not only are you getting an error message that the information is incorrect, but that your account is no longer available.

Read more
Bing Chat’s ads are sending users to dangerous malware sites
Bing Chat shown on a laptop.

Since it launched, Microsoft’s Bing Chat has been generating headlines left, right, and center -- and not all of them have been positive. Now, there’s a new headache for the artificial intelligence (AI) chatbot, as it’s been found it has a tendency to send you to malware websites that can infect your PC.

The discovery was made by antivirus firm Malwarebytes, which discussed the incident in a blog post. According to the company, Bing Chat is displaying malware advertisements that send users to malicious websites instead of filtering them out.

Read more