Cybercrooks are using fake adverts promoting Microsoft Teams updates to try to infect PCs and networked systems, security researchers have warned. Because of the ongoing public health crisis, more and more people have been asked to work remotely – forcing businesses to move to video conference and chat solutions, like Slack and Microsoft Teams. As millions turn to remote-working solutions, cybercriminals have seen a new opportunity.
According to security blog Bleeping Computer, Microsoft has started to issue a warning to customers about the danger of these fraudulent updates, known as FakeUpdates campaigns.
Crooks have purchased a series of online advertisements to try to trick unsuspecting Microsoft Teams users into clicking on the advert, which claims that an updated version of the app is ready and waiting for them. Worryingly, online crooks have been incredibly successful using this technique. In at least one attack detected by Microsoft, scammers purchased a search engine advertisement that caused top results when searching for terms around “Microsoft Teams” software to point to a domain under their control. Yikes.
Anyone who clicked on that link – either through the search results page, or by clicking on one of the fake advertisements – would be pointed to a malicious download to infect their machine. Hackers ensured that the virus also installed a legitimate copy of Microsoft Teams on the system too in order to keep victims unaware that they had even been victims of an attack.
According to Microsoft, the virus preferred by hackers using this technique was “Predator the Thief”, which is a so-called infostealer designed to send sensitive information from your web browser, like login details for websites and online services, as well as payment data, to the crooks. Other malware distributed this way included the Bladabindi (NJRat) backdoor and the ZLoader stealer.
One example of this FakeUpdates campaign saw a file-encrypting malware installed on machines. For those who don’t know, this is really, really nasty stuff that encrypts your personal files – leaving you unable to open them. Hackers offer you the key to unlock the encryption, but only after you agree to pay a ransom. Security experts warn against giving in to their demands… as these malware attacks can often be repeated again and again after the ransom has been paid as the software is not uninstalled when crooks hand over the keys.
To avoid these attacks, Microsoft has offered a few crucial bits of advice.
First up, the Redmond-based company recommends users only use web browsers that include built-in filters to block malicious websites, including scams, phishing and malware attacks. Second, it suggests that local administrators in charge of a Teams account should use a strong, randomly-generated password. It’s best practice to use a separate email address and password combination for every account under your name. That means – should the worst happen and hackers get their hands on your login details – they won’t be able to access any other online accounts under your name.
Limiting admin privileges to essential users and avoiding domain-wide service accounts that have the same permissions as an administrator could also reduce the impact of this type of attack, Microsoft states.
And of course, informing members of staff that online adverts telling you to update your Microsoft Teams account are not a legitimate way to get the latest security patches and features for the software is a good tactic too.
In fact, most of the time, you won’t even need to install the update yourself. That’s because the Microsoft Teams desktop app automatically updates (so you don’t have to). “If you want, you can still check for available updates by clicking your profile picture at the top of the app and then selecting Check for updates,” Microsoft says. Meanwhile, the web app is always up to date when you log in – so there’s no need to click on anything there either.
If you’re using a smartphone or tablet, you’ll need to update Microsoft Teams by checking the iOS App Store or Google Play Store for new versions.
Published at Wed, 11 Nov 2020 06:21:00 +0000