Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs

Summary: A sophisticated cyberattack campaign utilizing Microsoft Teams chats to deploy malware on Windows PCs has emerged, primarily targeting the finance and professional services sectors. Attackers, linked to the “Storm-1811” group, impersonate IT staff to exploit user trust and implement a novel persistence technique through TypeLib hijacking. The threat underscores the need for heightened vigilance and security measures in trusted communication platforms.

Affected: Finance and Professional Services Sectors

Key points:

  • Attackers impersonate IT staff using fraudulent Microsoft 365 accounts during off-peak hours to lure high-level targets.
  • A noteworthy technique called TypeLib COM hijacking is employed, modifying Windows registry entries to ensure persistent access.
  • The malware, once deployed, utilizes obfuscated PowerShell backdoors to maintain communication with attackers and bypass security defenses.
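
As an added example (not from the original article or its source), a defender-side check for the TypeLib COM hijacking persistence named in the key points: it scans a text export of the per-user TypeLib registry branch and flags library paths that are script monikers, remote locations or user-writable directories. The registry layout is standard Windows COM; the GUIDs, paths and URL in the sample are constructed placeholders, and the path heuristics are assumptions to tune per environment.

```python
import re

# Constructed sample: decoded text of `reg export HKCU\Software\Classes\TypeLib`.
# GUIDs, paths and the URL are placeholders, not indicators from this campaign.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\TypeLib\{11111111-1111-1111-1111-111111111111}\1.0\0\win32]
@="C:\\Program Files\\Vendor\\vendor.tlb"

[HKEY_CURRENT_USER\Software\Classes\TypeLib\{22222222-2222-2222-2222-222222222222}\1.1\0\win64]
@="script:https://example.invalid/placeholder.sct"

[HKEY_CURRENT_USER\Software\Classes\TypeLib\{33333333-3333-3333-3333-333333333333}\2.0\0\win32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\x.tlb"
'''

# Per-user TypeLib key: TypeLib\{LIBID}\<version>\<lcid>\win32|win64
KEY_RE = re.compile(r'^\[HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\'
                    r'(\{[0-9A-Fa-f-]{36}\})\\[^\\\]]+\\\d+\\(win32|win64)\]$', re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's default value

def classify(value):
    """Return a reason string if the library path looks abnormal, else None."""
    v = value.replace('\\\\', '\\').lower()  # undo .reg backslash escaping
    if v.startswith('script:'):
        return 'script-moniker'              # a moniker, not a type library file
    if re.match(r'^(https?:|\\\\)', v):
        return 'remote-path'                 # URL or UNC share
    if re.search(r'\\(appdata|temp|users\\public|programdata)\\', v):
        return 'user-writable-path'          # heuristic (assumption)
    return None

def find_suspicious(export_text):
    """Yield-style scan: list of (libid, platform, reason) for flagged entries."""
    findings, current = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m or line.startswith('['):
            current = m                      # None for keys outside the pattern
            continue
        d = DEFAULT_RE.match(line)
        if current and d:
            reason = classify(d.group(1))
            if reason:
                findings.append((current.group(1), current.group(2), reason))
    return findings

if __name__ == '__main__':
    for libid, platform, reason in find_suspicious(SAMPLE_EXPORT):
        print(f'{libid} {platform}: {reason}')
```

`reg export` writes UTF-16, so decode the file before passing its text to `find_suspicious`.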

Source: https://gbhackers.com/hackers-use-microsoft-teams-to-deliver-malware/