Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users

Priya Walia

In a disturbing development, hackers are now deploying highly sophisticated malware through seemingly innocuous messages on Microsoft Teams, leaving unsuspecting users vulnerable to cyberattacks. A newly discovered phishing campaign delivering the “DarkGate Loader” malware has recently come to light and is proving to be a formidable threat to the security of Microsoft Teams users.

The DarkGate Loader malware employs a cunning tactic to deceive recipients. Hackers craft messages containing an enticing link that masquerades as an innocuous notice about changes to the company’s vacation schedule. In reality, the link leads users to .ZIP files that harbor the malicious payload, putting their systems and data at risk.

The research team at Truesec has been diligently monitoring DarkGate Loader since late August, revealing the hackers’ growing sophistication in crafting this cyber threat. The malware employs an intricate downloading process that camouflages its malicious intent, making it challenging to identify as a security threat.

On August 29, in the timespan from 11:25 to 12:25 UTC, Microsoft Teams chat messages were sent from two external Office 365 accounts compromised prior to the campaign. The message content aimed to social engineer the recipients into downloading and opening a malicious file hosted remotely.

What’s particularly alarming is that hackers managed to compromise Office 365 accounts to send out these malware-infected messages through Microsoft Teams. Truesec researchers identified several hijacked accounts involved in the distribution, including those of “Akkaravit Tattamanas” ([email protected]) and “ABNER DAVID RIVERA ROJAS” ([email protected]).

DarkGate Loader consists of an infected VBScript concealed within a Windows shortcut (LNK) file. The malware is delivered via a SharePoint URL that further obfuscates its true nature, making it difficult for users to recognize it as a malicious file. The use of a precompiled Windows cURL script adds a further layer of complexity, making the hidden code within the file harder to detect.
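The delivery chain described above (a Teams message from an external, compromised account, a SharePoint-hosted link to a .ZIP archive, and an LNK file inside the archive carrying the script) gives a defender three observable signals. The following Python script, added here as an illustration and not taken from the article or from Truesec's research, shows how a SOC might score Teams message records against those signals and inspect a fetched archive for shortcut or script members. The `TeamsMessage` record layout, the tenant names, the URL and the archive contents are all constructed placeholders; the scoring weights are arbitrary and would need tuning against real telemetry.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Hypothetical message record, constructed for this example. Real Teams audit
# or export data would carry different field names.
@dataclass
class TeamsMessage:
    sender: str          # sender's user principal name
    sender_tenant: str   # tenant the sender account belongs to
    home_tenant: str     # the receiving organisation's own tenant
    text: str            # message body

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
ARCHIVE_EXT = (".zip", ".rar", ".7z")
# Member types worth flagging inside an archive: shortcuts and scripts.
RISKY_MEMBER_EXT = (".lnk", ".vbs", ".js", ".cmd", ".bat")


def extract_urls(text: str) -> List[str]:
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def score_message(msg: TeamsMessage) -> Tuple[int, List[str]]:
    """Score a message on the signals seen in the campaign: external sender,
    link to an archive, and link hosted on SharePoint (legitimate on its own,
    so it only adds weight when combined with the other signals)."""
    score, reasons = 0, []
    if msg.sender_tenant.lower() != msg.home_tenant.lower():
        score += 1
        reasons.append("sender is outside the home tenant")
    for url in extract_urls(msg.text):
        parsed = urlparse(url)
        if parsed.path.lower().endswith(ARCHIVE_EXT):
            score += 2
            reasons.append(f"link points at an archive: {url}")
        if (parsed.hostname or "").lower().endswith("sharepoint.com"):
            score += 1
            reasons.append("link is hosted on SharePoint")
    return score, reasons


def suspicious_archive_members(data: bytes) -> List[str]:
    """List archive members with shortcut or script extensions, the pattern
    the article describes (an LNK wrapping a VBScript)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(RISKY_MEMBER_EXT)]


def build_sample_zip() -> bytes:
    """Constructed sample archive; the member content is placeholder bytes,
    not a real shortcut file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Changes to the vacation schedule.lnk", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


# Constructed sample messages; tenant and host names are placeholders.
SAMPLE_MESSAGES = [
    TeamsMessage(
        sender="user@external-tenant.example",
        sender_tenant="external-tenant.example",
        home_tenant="home-tenant.example",
        text="Hi, please see the updated vacation schedule: "
             "https://tenant-placeholder-my.sharepoint.com/personal/x/vacation-schedule.zip",
    ),
    TeamsMessage(
        sender="colleague@home-tenant.example",
        sender_tenant="home-tenant.example",
        home_tenant="home-tenant.example",
        text="Lunch at noon? Agenda is on the wiki.",
    ),
]


def triage(messages: List[TeamsMessage], threshold: int = 3) -> List[str]:
    """Return the senders whose messages reach the alert threshold."""
    return [m.sender for m in messages if score_message(m)[0] >= threshold]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m.sender, score_message(m))
    print("alert on:", triage(SAMPLE_MESSAGES))
    print("risky members:", suspicious_archive_members(build_sample_zip()))
```

The external-tenant check is the cheapest and most reliable of the three signals for this campaign, since the messages came from accounts outside the victim organisation; the archive and SharePoint checks exist to raise the score when a link matches the delivery pattern, and an archive that turns out to contain an LNK or script member is what should escalate the alert to incident handling.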

As hackers continue to refine their techniques and launch increasingly sophisticated attacks, Microsoft Teams users must exercise caution when receiving unexpected messages, especially those containing links. Staying vigilant and using up-to-date security software are crucial steps in protecting against such cyber threats.