Wednesday, May 7, 2025
HomeCyber Security NewsHackers Weaponizing Microsoft Teams to Gain Remote Access

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Published on

SIEM as a Service

Follow Us on Google News

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to gain remote access to victim systems.

Utilizing sophisticated social engineering tactics, these malicious actors pose as legitimate employees or trusted contacts, leveraging video calls on Microsoft Teams to deceive users into downloading harmful software.

The attack typically begins with an onslaught of phishing emails designed to create confusion or urgency.

- Advertisement - Google News

Once the victim is primed, the attacker initiates a Microsoft Teams call, impersonating an employee from a known company or a trusted external supplier.

Timeline of the attack
. Timeline of the attack

During this call, the fraudulent representative instructs the user to download remote desktop software, supposedly for troubleshooting purposes.

In a notable case, the attacker initially attempted to guide the victim to download a Microsoft Remote Support application, but after a failed installation, they instructed the use of AnyDesk instead.

This remote access tool, once installed, became the vector for deploying DarkGate malware, allowing the attacker to seize control over the victim’s computer.

2024 MITRE ATT&CK Evaluation Results Released for SMEs & MSPs -> Download Free Guide

The Role of DarkGate Malware

DarkGate malware is a formidable threat distributed via an AutoIt script. Its capabilities include executing remote commands, gathering sensitive system information, and establishing a connection with a command-and-control server.

The malware is executed seconds after AnyDesk is installed, where commands are issued to run it as a local service with elevated privileges.

processCmd: "C:\Windows\System32\cmd.exe"
eventSubId: 2 - TELEMETRY_PROCESS_CREATE
objectFilePath: c:\windows\system32\rundll32.exe
objectCmd: rundll32.exe SafeStore.dll,epaas_request_clone

This access grants the attacker the ability to perform various malicious actions, including injecting additional malware into processes and manipulating network configurations.

The sophisticated execution flow even allows the malware to load into legitimate system processes to obfuscate its presence and activity.

 root cause analysis for the creation of script.a3x and Autoit3.exe
 root cause analysis for the creation of script.a3x and Autoit3.exe

To defend against these advanced threats, organizations must adopt comprehensive security strategies.

Firstly, employee training is crucial, focusing on the recognition of phishing attempts and the dangers of unsolicited support calls.

A well-informed workforce can significantly reduce the likelihood of successful social engineering attacks. Secondly, implementing strict verification protocols for third-party interactions can prevent unauthorized access.

This includes verifying the identity of any external support personnel. Additionally, organizations should restrict the use of remote desktop tools, permitting only those applications that have been thoroughly vetted and approved.

The enforcement of multi-factor authentication (MFA) on remote access tools offers an additional layer of defense, requiring multiple forms of verification to access systems, as per a report by Trend Micro.

The misuse of Microsoft Teams as a platform for cyberattacks underscores the evolving landscape of cybersecurity threats.

As communication tools become integral to business operations, they also present new vulnerabilities for exploitation.

To counter these emerging threats, organizations must enhance their security measures, combining employee education with advanced technological defenses.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...