Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard

News
By published

Crooks are tricking victims into granting them access via AnyDesk

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)
  • Criminals are reaching out to victims, offering to help with a "problem"
  • To fix the issue, they request AnyDesk access
  • If they get it, they drop the DarkGate malware and steal sensitive data

Cybercriminals are combining Microsoft Teams and AnyDesk to try and install a dangerous piece of malware on their target’s devices, experts have warned.

A report from Trend Micro, which claims to have recently observed one such attack in the wild, notes how the attackers would first send thousands of spam emails to their targets, and then reach out via Microsoft Teams, impersonating an employee of an external supplier.

Offering help with the problem, the attackers would instruct the victim to install a Microsoft Remote Support application. If that failed, they would try the same with AnyDesk. If successful, the attackers would use the access to deliver multiple payloads, including a piece of malware called DarkGate.

Abusing legitimate tools

DarkGate is a highly versatile malware that can act as a backdoor on infected systems, allowing attackers to execute commands remotely. It can install additional payloads, and exfiltrate sensitive data without being detected. Data of high value includes login credentials, personally identifiable information, or data on clients, customers, and business partners.

One of its notable features is its modular design, allowing attackers to modify the malware’s functionality. So, in one scenario it can act as an infostealer, and in another, as a dropper.

The attack was blocked before doing any meaningful damage, but the researchers used it as an opportunity to warn businesses of the constant threat that lurks on the internet.

Organizations need to train their employees to spot phishing and social engineering attacks, deploy multi-factor authentication (MFA) wherever possible, and put as much of their infrastructure behind a VPN as possible. Furthermore, they should keep both software and hardware up to date, and keep in mind end-of-life dates for critical equipment.

Ultimately, they should use common sense and not fall for obvious scam attempts that are running rampant on the internet.

Via The Hacker News

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Phishing
Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Latest in Security
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Latest in News
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
More about security
IBM office logo

IBM to provide platform for flagship cyber skills programme for girls
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Andrew Koji as Zeek pointing a gun at someone off camera.

Andrew Koji reveals Gangs of London season 3's new mysterious assassin is like 'the human Terminator' in the Sky Original series
See more latest
Most Popular
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
De'Longhi Linea Classic espresso machine on kitchen counter with hot and cold coffee drinks
I'm a qualified barista, and De'Longhi's latest espresso machine could be this year's best budget buy for coffee lovers
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
A Minecraft sheep.
Minecraft developer rejects generative AI, 'it's important that it makes us feel happy to create as humans'
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Apple iPhone 16 Review
New iPhone 17 report lends weight to rumors of major display and camera upgrades, and a pricey Apple foldable