Hackers are targeting Microsoft Teams with malware attacks

In a recent article, VentureBeat has referred to Microsoft Teams as “the new frontier for phishing attacks”. Hackers are increasingly moving beyond the traditional phishing-email method to other platforms such as Teams, which recently surpassed 270 million monthly users.

How it works

Our research suggests that hackers are dropping executable files into Teams conversations, in order to infect a victim’s device with Trojans. The attackers gain access by hacking into a user’s email account — or by using stolen Microsoft 365 credentials. Once inside, they can bypass protections and access various systems. The problem is that organisations do a good job of training their employees to identify suspicious emails — but threats via platforms such as Teams have so far seen little threat education.

One example making the rounds is the story of a CEO who was traveling to China. Posing as the CEO, a hacker sent a WhatsApp message to relevant employees, inviting them to join a Teams meeting. In the meeting, the employees saw what they thought was the CEO over the webcam (actually made with video footage from a past TV interview).  

As there was no audio, the fake CEO asked that — due to a bad connection — employees instead send him the requested information on a SharePoint link, which he then dropped into the chat. Dismayingly, one employee did so. . .


To defend against such attacks, we recommend that businesses and individuals install protection that inspects all incoming files and secures all communication suites — including Microsoft Teams. Users can add an extra layer of protection to their devices today with Trend Micro Device Security Pro. It includes web threat protection, ransomware protection, phishing and spam protection to help you combat scams and cyberattacks.

So to our readers who use Teams — keep an eye out for any unfamiliar file deliveries or surprising lines of communication.

Share on social media:

Leave a Reply

Your email address will not be published. Required fields are marked *