UTServicesLISACyber safetyNewsRansomware operators use fake Microsoft Teams updates

Ransomware operators use fake Microsoft Teams updates

Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of malware.

You don't need to go searching for Teams updates. Teams itself checks whether there is an update available from Microsoft and downloads and installs it in a secure way.

Now, that again more people are working from home, criminals try to abuse the fact people are using tools like Teams more and more. The technique is not new and threat actors already exploited it in attacks in the wild. In 2019, DoppelPaymer ransomware operators used this trick to target Microsoft users, this year WastedLocker operators evolved the technique by using a more complex attacks and employing signed binaries to evade the detection.

“In at least one attack Microsoft detected, the crooks purchased a search engine ad that caused top results for Teams software to point to a domain under their control.” reported Bleeping Computer.

If you need to install Teams on your smartphone or laptop, go to the App or Play store and download the app there. Be sure to check whether the app is by Microsoft Cooperation and not by someone else. If you aren't sure, you can also go through the Microsoft website.  

If you want Teams on your desktop and your computer is not managed by LISA, then you can download Teams from the Microsoft website.

As always, if you receive a message telling you to download software, check with CERT-UT if this is legitimate or a criminal trying to get into your system.