Microsoft Teams New Phishing Attack

A computer set up with the warning Malware found!

While remote meetings via Zoom, Teams, and WhatsApp are replacing boardrooms, the threat of malware attacks is ever present.

A new phishing campaign is tricking users into downloading and opening a ZIP file titled 'Changes to the vacation schedule.' Now, while the terminology of 'vacation' might not necessarily be used every day here, it's still important to be vigilant.  The attachments install the malware DarkGate; its goal is to enable the download and execution of other malware once it runs on an infected computer.

The campaign only started late last month and was identified when Microsoft Teams phishing messages were seen being sent by two compromised external Office 365 accounts to other organisations.  These accounts were used to trick other Microsoft Teams users into downloading and opening the ZIP file.

While this particular malware isn't a widespread risk currently, the fact that it's adopting multiple infection avenues is something to be concerned by and a potential threat to monitor closely.  Such is the case with any spyware threats.

There are too many threats to mention, but generally, they come in the following formats.  A spyware agent can be malware, which modifies system settings and can perform undesirable tasks on your system.  A hijacker will redirect your browser to other websites.  A dialler is a Dial-a-service for which you are billed. Trojan Horse is an attachment to a program that performs undesirable tasks on your system, while collectware collects information about you and your surfing habits.

As well as running a detailed check of your browser history, spyware can install executable files that send continuous data to the author and let hackers intercept your personal data or enter your computer.  They can install other programs directly without your knowledge, send and receive cookies to other spyware programs, and invite them into your computer (even if cookies are disabled).  They can also add Trojan horses to your system.  Once installed, traditional methods can't easily delete these programs from your system.  Often, they will leave components behind which will continue to monitor your online behaviour and sometimes reinstall themselves.

If you are a business in the Crawley, Gatwick, or West Sussex region and have a virus problem, please get in touch with us immediately.  We encourage all our clients to have internet security installed and running.  However, running any updates or patches is essential to ensure the security is current and can deal with the latest threats.  We can clean your system and check every aspect of your infrastructure to ensure nothing is at risk.  We can also install and set up Bit Defender Internet Security - this will give you the best protection to combat any virus attack.