New Malware Found Infecting Microsoft Teams Meetings

Microsoft Teams Malware Featured

You may want to think twice the next time you’re on a conference call. It’s not really a time you can let your guard down. Even when doing something as innocuous as joining a chat with co-workers, you can still get hit with malware. Security experts discovered hackers have been targeting Microsoft Teams meetings with malware.

Security Firm Discovered Malware Attacks

It was email security firm Avanan that discovered the malware attack. Hackers find their way into Microsoft Teams meetings and leave behind infectious executable files.

Perhaps worse yet, this doesn’t seem to be an isolated incident. “Avanan has seen thousands of these attacks per month,” noted the company in a blog post.

It’s unclear how the hackers are gaining access to the Teams meetings. However, it’s assumed that unwitting employees are being targeted through their email accounts.

Once the hackers gain access to the email account, they use those credentials to get access to the work chat. It’s also possible that hackers are getting into the Teams meetings by stealing Microsoft 365 credentials via email phishing.

Avanan explained, “Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.”

Microsoft Teams Malware User Centric
User Centric Executable File

Once they have access to the Microsoft Teams meetings, hackers pretend they are sharing a program titled “User Centric.” After a call participant installs the file, they end up with a Trojan program that loads malicious DLL files that allow the hacker to infiltrate the PC.

Avanan added that “by attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.”

Microsoft Teams Malware Install
User Centric Malware Demo

While Avanan showed a demo of the malware on a Windows 7 machine, it also admitted it could easily run on Windows 10 by just adding a “few extra lines of code.”

Microsoft Teams Became a Perfect Delivery Vehicle

This all works because the call participants are unsuspecting. “Most employees have been trained to second guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real,” said Avanan.

Avanan has even found that hospitals are using Microsoft Teams. Doctors use the platform to share sensitive patient information with each other. They worry about security issues in email – but not in conference calls. Like many Teams users, they are often not familiar with the platform.

Microsoft Teams Malware Video Conference

Of course, it’s the rise in remote meetings during the pandemic that pushed this along. The increase in meetings conducted on Microsoft Teams, Zoom, Skype, etc., gives hackers a whole new delivery system for their malware. Microsoft Teams now has 270 million active users.

While a support document showed that Microsoft 365 provides Teams with a built-in antivirus, Avanan believes it provides limited protection and doesn’t identify malware quickly enough.

When you’re using Microsoft Teams and other conference software, remember to use all the safe practices you normally do in texting and emails.

Microsoft Teams Malware Conference Call

I was hit with a hack this week in Facebook Messenger. It was in a chat for my high school reunion get-together. An unsuspecting participant had been hacked, and his profile posted, “OMG, look who died,” with a Facebook link. That seemed very legit, providing it was a high school reunion group.

I clicked it and found a dead link. A day later, Facebook notified me that an unknown device was trying to get access, then I was locked out. Luckily, I had 2FA turned on for Facebook, so they didn’t get very far. It just took about a half hour of changing passwords and verifying my identity to get it all back.

I urge you to learn more about 2FA and set it up wherever possible if you haven’t already. Cover everything, even apps like Microsoft Teams where you think you may be safe.

Image Credit: Avanan

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox