Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.
In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.
Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals, Fuchs said.
“They can compromise an email address and use that to access Teams. They can steal Microsoft 365 credentials, giving them carte blanche access to Teams and the rest of the Office suite.”
An Avanan analysis of hospitals that use Teams found that doctors share patient medical information practically with no limits on the Teams platform,” Fuchs wrote.
In the attack vector Avanan researchers observed, attackers first access Teams through one of the aforementioned ways, such as a phishing email that spoofs a user, or through a lateral attack on the network.