Bitdefender Team Discovers Threats To Microsoft Teams And Quick Assist

Tyler Cross, Senior Writer
Published on: November 22, 2024

Researchers with the cybersecurity company Bitdefender’s MDR team recently discovered three new threats to Microsoft Teams and Quick Assist.

These threats are social engineering schemes that leverage these platforms to gain unauthorized access to a victim’s device. Rather than immediately infecting the device or attempting to brute-force their way to administrative control, the attackers plant seeds to weaken the target system for later attacks.

This campaign saw scammers using Teams and Quick Assist to pose as IT staff members. They’d reach out to unsuspecting victims and convince them to grant access to their computers.

In this case, multiple scammers would pose as different members of a team offering help for technical issues. Usually, just before sending this message, they’d communicate with other hackers and barrage the victim with spam messages, making the offer of technical assistance look more legitimate.

They’d even have multiple people at once direct the victim to different “team members” before ultimately attacking. Eventually, they’d push victims to click a link, which takes them to a legitimate-looking version of Teams or Quick Assist. If the victims click the download button, they’re actually infecting themselves with malware.

From there, malicious code was injected that created a backdoor for future attacks. This backdoor gives the attackers a foothold to infest the victim’s computer and linger.

The MDR team did not discover any use of ransomware during these attacks, but they did note that the access and persistence methods used were very similar to the initial attacks that various hacker groups like Black Basta carry out just before employing malicious code to encrypt and ransom someone’s data.

The researchers discovered that the Trojan.Agent.GMUC and Java.Trojan.Agent.SH viruses were present within the campaign.

Remember that a company’s support team will never reach out to you first under any circumstances. It’s also important to set up MFA for your accounts, avoid opening links from strangers, and always verify the legitimacy of who you’re talking to.

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.
