Online Hackers Target Microsoft Teams to Propagate DarkGate Malware

 

A new phishing campaign is abusing Microsoft Teams conversations to distribute malicious attachments that install the DarkGate Loader malware.

The campaign got underway in late August 2023, when two hijacked external Office 365 accounts were detected sending Microsoft Teams phishing messages to other organisations.

These accounts were used to trick other Microsoft Teams users into downloading and opening a ZIP file called “Changes to the vacation schedule.”

When a user clicks the attachment, a ZIP file is downloaded from a SharePoint URL; it contains an LNK file disguised as a PDF document.
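For defenders, the delivery format described above (a ZIP holding a shortcut dressed up as a PDF) can be triaged before a user opens it. The following is an added example, not code from the original article: it inspects ZIP members for the Shell Link header and for a document extension placed before `.lnk`. The function names, the extension list and the member name in the constructed sample are assumptions.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Extensions treated as decoys when they precede ".lnk" (assumed list).
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")


def find_shortcuts(zip_bytes):
    """Return one finding per ZIP member that is, or claims to be, a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            ends_lnk = name.endswith(".lnk")
            has_magic = head == LNK_MAGIC
            if ends_lnk or has_magic:
                findings.append({
                    "name": info.filename,
                    # "report.pdf.lnk" shows as "report.pdf" in Explorer,
                    # which always hides the .lnk extension.
                    "decoy_ext": ends_lnk and name[:-4].endswith(DECOY_EXTS),
                    "lnk_header": has_magic,
                })
    return findings


def build_sample_zip():
    """Constructed sample: a header-only fake shortcut plus a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Changes to the vacation schedule.pdf.lnk",
                    LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", "benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_shortcuts(build_sample_zip()):
        print(finding)
```

A finding with both `decoy_ext` and `lnk_header` set is a strong signal to quarantine the archive, since legitimate document shares rarely ship shortcuts.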

The script first verifies that Sophos antivirus software is present on the target device; if it isn’t, it launches the shellcode and deobfuscates additional code. 


The shellcode builds the Windows executable for DarkGate using a method known as “stacked strings” and loads it into memory.

The malicious

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
