Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Malware delivered via Microsoft Teams

February 20, 2022 - 2 min read


Recently, Avanan released a blog post mentioning the interest of adversaries in Microsoft Teams as a launchpad for their malicious attacks. Attackers have always targeted online collaboration tools like Slack and Discord for malware distribution and phishing. While this is probably not the first time that teams have been used for infecting users, this trend has been on the rise with increasing popularity of Teams.  


Campaign overview

Hackers are targeting Teams platform for sharing malicious trojan files at scale to infect unwitting users. They are using various means to get access to user’s emails which in turn is used to get into Teams and subsequently share malicious files with more users to infect them. Files shared over Teams are executable files which can take control over the system. 

Hackers get the added benefit of attacking over Teams or any other similar service if they use SSL encryption which can automatically bypass some security tools which are oblivious to things happening under SSL. Furthermore they are taking advantage of the trust between the compromised user and the target users as they are more likely to open the files coming from a known contact. 

There is a caveat, Attackers can’t just share files on teams, they must first get access to a Teams account to be able to share any files with other users.

What can you do to protect yourself?

  • Route all traffic through Zscaler Internet Access, which will provide the right visibility to identify and stop malicious activity from compromised systems/servers.
  • Ensure you are inspecting all SSL traffic.
  • Advanced Threat Protection to block all known malware and command-and-control activity.
  • Use Advanced Cloud Sandbox to prevent unknown malware delivered as part of a second stage payload.
  • Security awareness training to spot and report suspicious attachments over chat and collaboration tools

Zscaler coverage:

Zscaler can protect against these or in fact any unknown threats by inspecting SSL encrypted traffic at scale and detonating files in Advanced Cloud Sandbox.

We have ensured coverage for the known payloads via advanced threat signatures as well as advanced cloud sandbox.

Malware protection


Advanced Cloud Sandbox


Advanced Cloud Sandbox Report

Zscaler’s Cloud Sandbox detonates the payloads to reveal their actual behavior and plays a critical role in providing global protection against new payloads.

Cloud Sandbox Report

The Zscaler ThreatLabz team is actively monitoring this campaign and providing coverage for threats. More updates to follow.


form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.