VTA-00406 – Hackers Spread Trojans Through Microsoft Teams
Hackers are attaching .exe files to Teams chats to install a Trojan on the end user's computer. The Trojan bypasses the default protections in Teams, which has limited ability to scan for malicious links and files, and installs malware. The Trojan can also be delivered as an attachment to a phishing email. In this case, the threat actor attaches an .exe file named “UserCentric” to a chat or email. This file is a Trojan that allows malware to install DLL files and create a shortcut link to self-administer. Once the user opens the file, it begins to download and install a malicious Windows program.
Severity:
High
Attack Surfaces:
Supply Chain (Third-party vendors)
Tactics:
Email, Messaging
Techniques:
Execution, Initial Access
Active Defense Tactics:
Disrupt
Active Defense Techniques:
Email Manipulation, Security Controls
SuperPRO’s Threat Countermeasures Procedures:
1) Organizations must conduct phishing campaigns to educate users about phishing traps
2) Implement protection that downloads all files in a sandbox and inspects them for malicious content
3) Encourage end-users to reach out to IT when seeing an unfamiliar file
4) Ensure ‘Turn on e-mail scanning’ is set to ‘Enabled’
5) Users should be trained to recognize the common types of Social Engineering tactics
6) Ensure Unauthenticated Sender is ‘enabled’ for Anti-phishing Filter
7) Antimalware tools should be updated and configured
8) IDS/IPS should be configured properly
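A first-pass content check that could run ahead of the sandbox inspection in countermeasure 2, as an added example that is not part of the original advisory: it flags attachments whose bytes are a Windows PE executable regardless of the file name, and also checks the “UserCentric” name reported above. This goes slightly beyond the .exe case described here; the function names and sample files are constructed for illustration, and a name match alone is a weak signal.

```python
import struct

# File name reported in this advisory; compared case-insensitively.
ADVISORY_NAME = "usercentric"

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment should be held for review (empty = none)."""
    reasons = []
    base = filename.strip().rsplit("/", 1)[-1].rsplit("\\", 1)[-1].lower()
    stem, _, ext = base.rpartition(".")
    if not stem:  # name has no extension
        stem, ext = base, ""
    if is_pe(data):
        reasons.append("content is a Windows PE executable")
        if ext not in ("exe", "dll", "scr", "com"):
            reasons.append("executable content under a non-executable name")
    elif ext == "exe":
        reasons.append(".exe extension")
    if stem.split(".")[0] == ADVISORY_NAME:
        reasons.append("file name matches the advisory's 'UserCentric'")
    return reasons

def _constructed_pe() -> bytes:
    """Constructed sample: bare DOS header plus PE signature, not a working program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset of the PE signature
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

if __name__ == "__main__":
    samples = {  # constructed attachments
        "UserCentric.exe": _constructed_pe(),
        "minutes.pdf": _constructed_pe(),
        "notes.txt": b"plain text, nothing to flag",
    }
    for name, blob in samples.items():
        print(name, "->", triage(name, blob) or "no findings")
```

Files that return any reason would be held and passed to the sandbox or to IT rather than delivered to the user.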
Are your Endpoints secured? Scan your Endpoints now:
1. Register an account on Open Threat Exchange (OTX).
2. Download the OTX Endpoint Security.
3. Subscribe to Provintell-Lab’s OTX pulses.
4. Scan your endpoint for the presence of the IOCs. It’s FREE!
Contributed by: 3h4d0w