Hackers are using Microsoft Teams chat to spread malware

So far, researchers have identified thousands of these attacks involving abuse of the Microsoft Teams chat feature.

As of January 2022, Microsoft Teams had surpassed the threshold of 270 million monthly active users. While this is good news for the company, it also makes Teams users a lucrative target for cybercriminals.

For your information, Microsoft Teams is a workplace collaboration and communication platform that allows organizations to communicate via video conferencing, store files, initiate chat, and integrate applications simultaneously.

It has emerged as an extremely useful and productive medium of communication in recent times, especially now that the world is held hostage to the COVID-19 pandemic.

Microsoft Teams chat feature abused

IT security researchers at Avanan, a cloud email security solution provider and a subsidiary of Check Point Software Technologies, have identified an attack campaign that targets Teams users with malware by slipping into the platform’s chat feature.

According to the researchers, attackers are attaching malicious documents to chat threads; once clicked, these drop a trojan on the victim’s device, allowing attackers to remotely control it.

Jeremy Fuchs of Avanan stated that since January 2022, the company has witnessed thousands of these attacks per month in which malicious executable files are being spread across Teams’ conversations.

Using an executable file, or a file that contains instructions for the system to execute, hackers can install malicious file libraries (DLL files) that allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.

Jeremy Fuchs – Avanan

Look out for UserCentric.exe on your system

It is worth noting that the malicious file used in this attack is named User Centric (aka UserCentric or UserCentric.exe). However, researchers warn that since their report has been published, attackers can change the file name to something else.


Nevertheless, if you are a Microsoft Teams user, it is advised to open Task Manager, go to the Details tab, and look for UserCentric.exe. If the file is on the system, inform your organization’s cybersecurity team and use antivirus software to clean your computer.
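The same check can be run from PowerShell, which also collects the details a security team will ask for (file path, parent process, hash and signature status). This is an added example, not part of Avanan's report; the only value taken from the article is the file name, and the output field names are chosen here for illustration.

```powershell
# Added example: triage for the process name reported in the article.
# Attackers can rename the file, so an empty result does not prove the host is clean.
$name = 'UserCentric.exe'

# Win32_Process exposes the executable path, command line and parent PID,
# which the Task Manager "Details" tab does not show by default.
$hits = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$name'"

if (-not $hits) {
    Write-Output "No running process named $name on $env:COMPUTERNAME."
    return
}

foreach ($p in $hits) {
    # The parent may already have exited; in that case ParentName stays empty.
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    $hash = $null
    $sig  = $null
    # ExecutablePath can be empty when the caller lacks rights to query the process.
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    }

    # One record per matching process, ready to hand to the security team.
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        ParentId    = $p.ParentProcessId
        ParentName  = $parent.Name
        Started     = $p.CreationDate
        SHA256      = $hash
        Signature   = $sig
    }
}
```

Run it from an elevated prompt so that paths of processes owned by other users are readable, and pipe the output to `Format-List` or `Export-Csv` when reporting a hit.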

How do attackers get in Microsoft Teams chat?

Targeting unsuspecting users with malware through chats is not new. Everything from WhatsApp chats to the chat features in Zoom and TeamViewer has been abused for years. However, doing so requires a lot of social engineering.

In their blog post, Fuchs explained that attackers use a variety of techniques to achieve their goals, starting with phishing attacks that compromise the victim’s email account, which can belong to a person or an organization.

The attackers can also compromise the login credentials of Microsoft 365 accounts or take advantage of publicly available stolen/leaked databases to extract the required information.

Either way, they can use these details to get into Microsoft Teams chat, listen to conversations, steal secrets or spread malicious files to infect other users with malware.
