Hackers Spread Trojans Through Microsoft Teams

Trojans through Microsoft Teams

VTA-00406 – Hackers Spread Trojans Through Microsoft Teams

Hackers are attaching .exe files to Teams chat to install a Trojan on the end-user computer. This trojan will bypass default protections in Teams and install malware, in which Teams has limited ability to scan for malicious links and files. Furthermore, the trojan can also be attached in a phishing email. In this case, the threat actor will attach an exe file named “ UserCentric” to a chat or email. This file is a trojan which will allow malware to install DLL files and create a shortcut link to self-administer. Once the user opens the file, it will begin to download and install a windows program which is a malicious program.


Attack Surfaces:
Supply Chain (Third-party vendors)

Email, Messaging

Execution, Initial Access

Active Defense Tactics:

Active Defense Techniques:
Email Manipulation, Security Controls

SuperPRO’s Threat Countermeasures Procedures:
1) Organization must conduct Phishing campaigns to educate users about phishing trap
2) Implement protection that downloads all files in a sandbox and inspects them for malicious content
3) Encourage end-users to reach out to IT when seeing an unfamiliar file
4) Ensure ‘Turn on e-mail scanning’ is set to ‘Enabled’
5) Users should be trained to recognize the common types of Social Engineering tactics
6) Ensure Unauthenticated Sender is ‘enabled’ for Anti-phishing Filter
7) Antimalware tools should be updated and configured
8) IDS/IPS should be configured properly

Are your Endpoints secured? Scan your Endpoints now:
1. Register account on Open Threat Exchange (OTX).
2. Download the OTX Endpoint Security.
3. Subscribe to Provintell-Lab’s OTX pulses. 
4. Scan your endpoint for the presence of the IOCs. It’s FREE!

Contributed by: 3h4d0w

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>