Microsoft Teams users have been tricked into granting remote access to their computers. According to cybersecurity company Trend Micro, attacks carried out through social engineering can be particularly deceptive, as reported by Cyber Security News.
Initially, the attacker bombards the target’s inbox with phishing emails. Subsequently, the victim receives a message on Teams from someone posing as a representative of a trusted entity. This person instructs the victim to install the Microsoft Remote Support remote administration tool. When installation via the Microsoft Store fails, the attacker instead recommends the AnyDesk remote administration tool.
Through AnyDesk, the attacker gains access to the target’s system and installs various files, including one named Trojan.AutoIt.DARKGATE.D. The malware connects to a command-and-control server, allowing the attacker to execute commands and take control of the system remotely.
In addition to gathering data, the malware attempts to conceal itself. AutoIt scripts scan the computer for antivirus software, and the malicious files are downloaded and extracted in hidden folders on the system.
Trend Micro stated that this particular attack was intercepted before any data could be stolen.
As a precaution, the company recommends allowing only necessary remote administration tools on corporate systems and implementing two-factor authentication for users. Employees should also be trained to recognize such scams and intrusion attempts.
Read more about this topic from the following page:
Hackers Exploiting Microsoft Teams to Gain Remote Access to User’s System
https://cybersecuritynews.com/microsoft-teams-to-gain-remote-access/