Attackers are using Teams chat to infiltrate malware

Security experts from Avanan have observed attackers taking advantage of Teams chat to introduce malware into an organization.

The attack starts through an email or by spoofing a user, to gain access to the Teams conversation. The bad actor attaches an .exe trojan malware called “User Centric” to the chat. When clicked, the malicious file will take over the user’s device and install other components that allow the program to self-administer and take control over the computer.

This attack can be perpetrated because of Teams' complexity of configuration and limited scanning features for identifying malicious links and files.

These incidents show that attackers are beginning to understand how to exploit Teams as a potential attack vector, therefore organizations should tighten their Teams configurations to minimize the risk of being compromised.

The Avanan article