Hackers Target Microsoft Teams Users in Chats


Cybercriminals are taking advantage of Microsoft Teams by attaching harmful executables to discussions in an attempt to disseminate them to other users. Microsoft Teams currently boasts over 270 million monthly active users, making it a profitable target.

Taking Advantage of Microsoft Teams

Since January, Avanan researchers have found thousands of attacks against Microsoft Teams accounts. According to the researchers, attackers could compromise a partner organisation and listen in on inter-organizational interactions. Threat actors can also potentially use an email account to get access to Teams. Furthermore, they may have gained access to Teams and other Office apps as a result of a previous phishing attempt or data theft.

Hackers get access to Teams accounts by spoofing a user using East-West attacks delivered via malicious emails or by utilising credentials obtained from other phishing operations.

According to the experts, once inside, an attacker generally understands what technology is safeguarding the business. As a result, they are able to predict which malware will evade current defenses.

“The default Teams protections are insufficient, as they merely search for harmful URLs and files,” according to Avanan’s report. “Many email security solutions do not cover Teams.”

They log into these accounts and place an executable file called ‘User Centric.exe’ in a chat room to trick others into opening it.

When the malicious code is run, it installs DLL files and produces self-administering shortcut links.

Possible attack scenarios

In one scenario, the attackers might initiate the attack by listening in on inter-organizational chatter at a partner organization.

Another risk is that they will compromise an email address in order to gain access to Teams.

Previously stolen Office 365 credentials could be used by attackers.

Threats that arise after an intrusion

By obtaining O365 credentials, attackers can gain access to Microsoft Teams as well as other Office applications.

They may be able to find out about or uncover installed protection solutions by taking advantage of this access.

This allows them to select malware that is capable of evading these protections.

Tips for being safe

Since the outbreak, Microsoft Teams has risen in popularity, with 270 million monthly active users in the second quarter of fiscal 2022.

According to Avanan, this exploit demonstrates that hackers are beginning to understand and employ Teams as a feasible attack channel. As the use of Teams develops, the cyber security firm anticipates an increase in these types of attacks. The most recent attack appears to be aimed at users in the United States.

This is worrying because some users may be unaware that Microsoft Teams can be used as an infection vector. Experts recommend extra levels of security, such as downloading and examining questionable data in a sandbox first. Additionally, firms should implement email gateway security to protect communication applications, and employees should notify IT if they notice a suspicious file.

Avanan recommends ensuring that all files are downloaded in a sandbox and screened for dangerous material, as well as encouraging end-users to alert IT if they come across an unexpected item.
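One way to pre-screen files shared in chat before they go to a sandbox, as an added example that is not from Avanan or the original article: it recognises Windows executables and DLLs by their PE header rather than by filename. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL
# Assumed policy list of extensions that should never arrive via chat.
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".lnk", ".msi"}


def pe_kind(data: bytes):
    """Return 'exe' or 'dll' if data begins with a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if flags & IMAGE_FILE_DLL else "exe"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Decide whether a chat attachment must be held for sandbox analysis."""
    reasons = []
    kind = pe_kind(data)
    ext = os.path.splitext(filename.lower())[1]
    if kind:
        reasons.append(f"content is a Windows PE image ({kind})")
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {ext}")
    if kind and ext not in RISKY_EXTENSIONS:
        reasons.append("extension hides executable content")
    verdict = "quarantine-and-sandbox" if reasons else "allow"
    return {"file": filename, "verdict": verdict, "reasons": reasons}


def make_sample_pe(flags: int) -> bytes:
    """Constructed header-only sample: not a runnable program."""
    buf = bytearray(0x80 + 24)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, flags)
    return bytes(buf)


if __name__ == "__main__":
    print(triage_attachment("User Centric.exe", make_sample_pe(0x0002)))
    print(triage_attachment("minutes.pdf", make_sample_pe(0x2002)))
    print(triage_attachment("notes.txt", b"meeting at 10am"))
```

The header check catches a renamed executable that an extension filter alone would pass; anything flagged still needs the sandbox run the article recommends.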

