Malware delivered via Microsoft Teams

February 20, 2022 - 2 Min. de leitura

Conteúdo

Article
Mais blogs

Background

Recently, Avanan released a blog post mentioning the interest of adversaries in Microsoft Teams as a launchpad for their malicious attacks. Attackers have always targeted online collaboration tools like Slack and Discord for malware distribution and phishing. While this is probably not the first time that teams have been used for infecting users, this trend has been on the rise with increasing popularity of Teams.

Campaign overview

Hackers are targeting Teams platform for sharing malicious trojan files at scale to infect unwitting users. They are using various means to get access to user’s emails which in turn is used to get into Teams and subsequently share malicious files with more users to infect them. Files shared over Teams are executable files which can take control over the system.

Hackers get the added benefit of attacking over Teams or any other similar service if they use SSL encryption which can automatically bypass some security tools which are oblivious to things happening under SSL. Furthermore they are taking advantage of the trust between the compromised user and the target users as they are more likely to open the files coming from a known contact.

There is a caveat, Attackers can’t just share files on teams, they must first get access to a Teams account to be able to share any files with other users.

What can you do to protect yourself?

Route all traffic through Zscaler Internet Access, which will provide the right visibility to identify and stop malicious activity from compromised systems/servers.
Ensure you are inspecting all SSL traffic.
Advanced Threat Protection to block all known malware and command-and-control activity.
Use Advanced Cloud Sandbox to prevent unknown malware delivered as part of a second stage payload.
Security awareness training to spot and report suspicious attachments over chat and collaboration tools

Zscaler coverage:

Zscaler can protect against these or in fact any unknown threats by inspecting SSL encrypted traffic at scale and detonating files in Advanced Cloud Sandbox.

We have ensured coverage for the known payloads via advanced threat signatures as well as advanced cloud sandbox.

Malware protection

W32/Trojan.BEIE-5677

Advanced Cloud Sandbox

Win32.Trojan.Wincen

Advanced Cloud Sandbox Report

Zscaler’s Cloud Sandbox detonates the payloads to reveal their actual behavior and plays a critical role in providing global protection against new payloads.

Cloud Sandbox Report

The Zscaler ThreatLabz team is actively monitoring this campaign and providing coverage for threats. More updates to follow.

Obrigado por ler

Esta postagem foi útil?？

Sim, muito útil!

Na verdade, não

Aviso legal: este post no blog foi criado pela Zscaler apenas para fins informativos e é fornecido "no estado em que se encontra", sem quaisquer garantias de exatidão, integridade ou confiabilidade. A Zscaler não se responsabiliza por quaisquer erros, omissões ou por quaisquer ações tomadas com base nas informações fornecidas. Quaisquer sites ou recursos de terceiros vinculados neste post são fornecidos apenas para sua conveniência, e a Zscaler não se responsabiliza por seu conteúdo ou práticas. Todo o conteúdo está sujeito a alterações sem aviso prévio. Ao acessar este blog, você concorda com estes termos e reconhece que é de sua exclusiva responsabilidade verificar e utilizar as informações conforme apropriado para suas necessidades.