Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Microsoft Teams Being Used to Distribute Malware

February 22, 2022

Michael Kan of PC Mag recently reported that hackers have circulated malware via Microsoft Teams. Email security provider Avanan found that hackers were dropping malicious files on MS Teams through the chats available during the Teams meeting.

It is likely that the attackers gained access to a user’s account through a phishing email or by harvesting the user’s Microsoft 365 login credentials. The attackers likely infiltrated an email account that belonged to an employee and then used that account to access the Teams meeting and distribute additional malware.

Once a meeting has been infiltrated by an attacker, the attacker will drop an executable file named UserCentric.exe, a trojan masquerading as a legitimate program. If the executable is installed, the trojan will drop malicious DLL files on the infected machine that will allow for a remote hijacking of the computer system.

It is critical that a user verify that what is being sent to them is a valid file. While anti-virus programs can catch a lot of malicious files, they can only find the malware that is already in their databases, and strains are constantly evolving. If a co-worker sends you a file via email, Teams or some other file-sharing platform and you are not expecting it, or even if you are, validate that they actually sent that file to you. Pick up the phone and give them a call, or walk down to their office and ask them about it.

If they’ve sent you an executable file (.exe/.dmg) and are telling you to download this program, do yourself a favor and head to the company’s website and get it from the legitimate company, or contact your IT support and have them install the legitimate file for you.

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics