Bitdefender Team Discovers Threats To Microsoft Teams And Quick Assist

Bitdefender Team Discovers Threats To Microsoft Teams And Quick Assist

Tyler Cross Tyler Cross
Published on: November 22, 2024 Senior Writer

Researchers with the cybersecurity company Bitdefender’s MDR team recently discovered three new threats to Microsoft Teams and Quick Assist.

These threats are social engineering schemes that leverage these platforms to gain unauthorized access to a victim’s device. Rather than immediately infecting them or attempting to brute force their way to administrative control, they plant seeds to weaken the target system for later attacks.

This campaign saw scammers using Teams and Quick Assist to pose as IT staff members. They’d reach out to unsuspecting victims and convince them to grant them access to their computers.

In this case, multiple scammers would pose as different members of a team offering help for technical issues. Usually, just before sending this message, they’d communicate with other hackers and barrage the victim with spam messages, making the technical assistance look more legitimate.

They’d even have multiple people at once direct the victim to different “team members,” before ultimately attacking. Eventually, they’d push victims to click a link, which takes them to a legitimate-looking version of Teams or Quick Assist. If they click the download button, they’re actually infecting themselves with malware.

From there, malicious code was injected that created a backdoor for future attacks. This backdoor creates a foothold for them to infest their computer and linger.

The MDR team did not discover any use of ransomware during these attacks, but they did note that the access and persistence methods they used were very similar to the initial attacks that various hacker groups like Black Basta use just before employing malicious code to encrypt and ransom someone’s data.

The researchers discovered that the Trojan.Agent.GMUC and Java.Trojan.Agent.SH viruses are present within the campaign.

Remember that a company’s support team will never reach out to you first under any circumstances. It’s also important to set up MFA for your accounts, avoid opening links from strangers, and always verify the legitimacy of who you’re talking to.

Source of Article