It's true — Microsoft Teams group chat requests can be bad for you, as hackers hijack them to spread malware

News
By published

Default Microsoft Teams feature could put organizations at risk

Microsoft Teams
(Image credit: Shutterstock / monticello)

Hackers are abusing a group chat feature in Microsoft Teams video conferencing software to deploy malware on people’s computers, researchers have warned.

Cybersecurity experts from AT&T Cybersecurity said that a threat actor was observed using either a compromised Teams user, or domain, to send more than 1,000 Teams group chat invites. 

Anyone who accepts the invitation is served a file titled “Navigating Future Changes October 2023.pdf.msi” - and those with a sharp eye will notice that the file pretends to be a PDF, but is actually an MSI file - a Windows Installer package that delivers the DarkGate malware.

Human error

According to researchers from Trellix, DarkGate is a Remote Access Trojan (RAT) that was first discovered back in 2018. It enables attackers to fully compromise victim systems, and is sold as malware-as-a-service (MaaS), by a threat actor under the alias RastaFarEye.

The hackers were able to send so many invitations thanks to a feature that allows external Microsoft Teams users to message other tenants’ users by default.

"Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel," AT&T Cybersecurity’s researcher Peter Boyle said in the announcement.

"As always, end users should be trained to pay attention to where unsolicited messages are coming from and should be reminded that phishing can take many forms beyond the typical email."

BleepingComputer claims that there had been similar DarkGate campaigns last year, when hackers abused compromised external Office 365 accounts and Skype accounts to send messages with a VBA loader script attached. The publication also claims that many threat actors turned to DarkGate after Quakbot’s demise.  Microsoft Teams is currently one of the most popular communications and collaboration platforms in the world, with roughly 280 million active monthly users. 

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Phishing
Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Microsoft Teams
Microsoft Teams is finally introducing a spam and phishing alert - here’s what you need to know
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
The Xiaomi Pad 7 Pro on a bronze table

I tested the Xiaomi Pad 7 Pro and it's the closest Android fans can get to an iPad Pro alternative
See more latest
Most Popular
HP Fury G1i 18"
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases
A bloodied Mark staring at an off-screen Helly as Gemma screams at him from behind an exit door in Severance season 2 episode 10
Severance season 3: everything we know so far about the wildly popular Apple TV+ show's next chapter
Nvidia DGX Spark AI supercomputer
Project Digits is now DGX Spark: Nvidia raises its price by 33% as HPE, Dell jump on Petaflop mini AI bandwagon
ChatGPT workout
I use ChatGPT to hit my fitness and exercise goals – here are 7 prompts to help you get in shape using AI