The new attack arrives as an access request to a Microsoft Teams group chat and is used to spread suspicious files that install the DarkGate malware.

Telecom provider AT&T warns of this. If the target accepts the request, the attackers attempt to trick chat participants into downloading a file named “Navigating Future Changes October 2023.pdf.msi”. Using a double extension like this is a common DarkGate tactic. Moreover, the installed file connects to a command-and-control server known to belong to the DarkGate infrastructure.
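An added example, not part of the original article or AT&T's report: a Python check that flags attachment names in which an installer or script extension directly follows a document extension, as in the file named above. The extension lists and the sample names are assumptions constructed for illustration.

```python
import re

# Assumed lists for this example; tune them to your own environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"msi", "exe", "scr", "com", "bat", "cmd", "vbs", "js", "lnk", "hta", "ps1"}


def split_extensions(filename):
    """Return the lowercase dot-separated suffixes of the base name, e.g. ['pdf', 'msi']."""
    # Keep only the base name, whichever path separator was used.
    base = re.split(r"[\\/]", filename)[-1]
    # Windows drops trailing dots and spaces when it creates a file,
    # so "plan.pdf.msi. " still lands on disk as an MSI.
    base = base.rstrip(". ")
    parts = base.split(".")
    return [p.strip().lower() for p in parts[1:]]


def is_double_extension_lure(filename):
    """True when an executable extension directly follows a document-like one."""
    exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS


def flag_attachments(names):
    """Return the names from an attachment listing that match the lure pattern."""
    return [n for n in names if is_double_extension_lure(n)]


# Constructed sample of chat attachment names; the first is the lure named in the article.
SAMPLE = [
    "Navigating Future Changes October 2023.pdf.msi",
    "Invoice.PDF.EXE",
    "C:\\Users\\alice\\Downloads\\plan.docx.scr. ",
    "report.v2.pdf",      # versioned document, real type is pdf
    "jquery.min.js",      # script, but no decoy document extension before it
    "setup.msi",          # single extension, nothing hidden
]

if __name__ == "__main__":
    for name in flag_attachments(SAMPLE):
        print("suspicious double extension:", name)
```

Because Windows hides known file extensions by default, the user sees only the name ending in ".pdf", which is why the check looks at the last two suffixes rather than the last one alone.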

DarkGate was initially developed by cybercriminals and then sold on underground forums as malware-as-a-service. This gives buyers a toolkit to take over a victim’s system. The malware has been in development since 2017 and continues to haunt businesses worldwide.

Risks of external users

By default, Microsoft allows external users to send meeting access requests, which may be necessary, for example, to give a presentation to a large group of people from outside their organization. However, AT&T, upon discovering this new phishing campaign, warns of the risks of access requests by external users. “Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel,” said a security expert from the telecom provider.
