DarkGate Malware: Attackers Send Over 1,000 Microsoft Teams Group Chats Invites to Infect Systems

You never know whether malware has already reached your Microsoft Teams group chat.

In a recent surge of cyber threats, attackers are exploiting Microsoft Teams, a widely used collaboration platform. The attackers employ phishing tactics, leveraging compromised Teams accounts to send over 1,000 malicious group chat invites.

The alarming incident features the DarkGate malware, which infects a system as soon as it is installed.

Compromised Teams Accounts as Conduits


According to a blog post by AT&T Cybersecurity Research, the attackers, operating from compromised Teams users or domains, strategically send malicious group chat invites. The team found that this deceptive technique is a crucial component of the strategy for gaining access to victims' systems.

Tricking Users into Malicious Downloads

Once the targets accept the chat request, the attackers employ a classic DarkGate tactic. They trick users into downloading a file with a double extension, "Navigating Future Changes October 2023.pdf.msi," whose ".pdf" makes it look like a document while the trailing ".msi" means Windows runs it as an installer. This seemingly innocuous file harbors the DarkGate malware payload.

"Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel. As always, end users should be trained to pay attention to where unsolicited messages are coming from and should be reminded that phishing can take many forms beyond the typical email," AT&T Cybersecurity network security engineer Peter Boyle warned.

DarkGate Malware Unleashed

Upon installation, the DarkGate malware connects to its command-and-control server at hgfdytrywq[.]com. This server, identified by Palo Alto Networks, is a confirmed part of the DarkGate malware infrastructure. DarkGate, known for its multifaceted capabilities, poses a significant threat to victims' systems.
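A defender-side check covering both the double-extension lure described above and the C2 domain just named, as an added example that is not from the article or the AT&T report; the sample log lines are constructed, and the document/executable extension lists are assumptions, not indicators from the page:

```python
"""Detection helpers for the DarkGate Teams lure (added example, not from the article)."""
from pathlib import PureWindowsPath

# Assumed lists: extensions a user expects to open as a harmless document,
# and extensions Windows will execute or install when double-clicked.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXECUTABLE_EXTS = {".msi", ".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# Indicator from the article, written there defanged as hgfdytrywq[.]com.
DARKGATE_C2 = "hgfdytrywq.com"

# Constructed sample proxy log lines (not real traffic): time, user, action, target.
SAMPLE_LOG = """\
2023-10-12T09:14:03Z alice DOWNLOAD teams.microsoft.com/files/Navigating Future Changes October 2023.pdf.msi
2023-10-12T09:14:41Z alice CONNECT hgfdytrywq.com:443
2023-10-12T09:15:02Z bob DOWNLOAD sharepoint.example.com/Q3-report.pdf
2023-10-12T09:16:10Z carol CONNECT hgfdytrywq.com.example:443
"""


def is_deceptive_double_extension(filename: str) -> bool:
    """True when a document-looking extension is directly followed by an
    executable one, e.g. 'Navigating Future Changes October 2023.pdf.msi'."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-2] in DOCUMENT_EXTS and suffixes[-1] in EXECUTABLE_EXTS


def host_matches_c2(host: str) -> bool:
    """Match the C2 apex domain or any of its subdomains, not look-alikes."""
    host = host.lower().rstrip(".")
    return host == DARKGATE_C2 or host.endswith("." + DARKGATE_C2)


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (user, reason, evidence) for every log line that hits an indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the scan
        _ts, user, action, target = parts
        if action == "DOWNLOAD":
            name = target.rsplit("/", 1)[-1]  # keep spaces in the file name
            if is_deceptive_double_extension(name):
                hits.append((user, "double-extension lure", name))
        elif action == "CONNECT" and host_matches_c2(target.rsplit(":", 1)[0]):
            hits.append((user, "DarkGate C2 contact", target))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags alice twice (the lure download, then the C2 connection) and leaves bob's PDF and carol's look-alike domain alone.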

Microsoft Teams Vulnerabilities

This phishing campaign exposes how exposed the Microsoft Teams platform is: by default, it allows external users to message users in other tenants. Threat actors capitalize on this, and the platform's massive base of 280 million monthly users makes it an attractive target.

Rising Trends in DarkGate Exploitation

According to Bleeping Computer, the DarkGate malware has emerged as a preferred tool for cybercriminals seeking initial access to corporate networks, especially after the disruption of the Qakbot botnet.

The surge in DarkGate infections is evident, with cybercriminals using a variety of delivery methods, including phishing and malvertising.

The surge in DarkGate infections follows an attempt by its purported developer to sell $100,000 annual subscriptions on a hacking forum. DarkGate boasts concealed VNC capabilities, tools to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy, a file manager, and a Discord token stealer.

In other news, Cisco alerted users that malware hit its software. Remote attackers injected security flaws into it, prompting it to launch an emergency patch.



Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.