Cybercrooks are using fake ads promoting Microsoft Teams updates to try to infect PCs and networked systems, security researchers have warned. With the ongoing public health crisis, more and more people have been asked to work remotely, forcing companies to switch to video conferencing and chat solutions like Slack and Microsoft Teams. With millions turning to remote solutions, cyber criminals have seen a new opportunity.
According to the security blog Bleeping Computer, Microsoft is warning customers about the risk of these fraudulent updates, the so-called FakeUpdates campaigns.
Crooks bought a number of online ads to trick unsuspecting Microsoft Teams users into clicking them. The ads claim that an updated version of the app is ready and waiting for you. What is worrying is that online crooks have been incredibly successful using this technique. In at least one attack detected by Microsoft, fraudsters bought a search engine advertisement that caused the top results for searches on the “Microsoft Teams” software to point to a domain they controlled. Yikes.
Anyone who clicked this link – either from the search results page or by clicking on one of the fake ads – was presented with a malicious download designed to infect their computer. Hackers made sure that the virus also installed a legitimate copy of Microsoft Teams on the system so that the victims would not know that they had even been the victim of an attack.
According to Microsoft, the virus preferred by hackers using this technique was “Predator the Thief”, a so-called infostealer, which sends confidential information such as login data for websites and online services as well as payment data to the crooks via your web browser. Other malware spread this way included the Bladabindi (NJRat) backdoor and the ZLoader stealer.
One instance of this FakeUpdates campaign installed file-encrypting malware on computers. For those who didn’t know, this is really, really bad stuff that encrypts your personal files – so you can’t open them anymore. Hackers will offer you the key to unlock the encryption, but only after you have agreed to pay a ransom. Security experts warn against giving in to their demands, as these malware attacks can often be repeated after the ransom is paid because the software is not uninstalled when crooks hand over the keys.
To avoid these attacks, Microsoft has provided some important pieces of advice.
First of all, the Redmond-based company recommends that users only use web browsers that have built-in filters to block malicious websites, such as those used for fraud, phishing, and malware attacks. Second, it is recommended that local administrators who are responsible for a team account use a secure, randomly generated password. It is also recommended that you use a separate email address and password combination for each account under your name. That means, should the worst happen and hackers get their hands on your credentials, they won’t be able to access other online accounts under your name.
Limiting administrative rights to key users and avoiding domain-wide service accounts with the same privileges as an administrator could also reduce the impact of this type of attack, according to Microsoft.
And of course, it’s also a good tactic to let employees know that online ads asking you to update your Microsoft Teams account aren’t a legitimate way to get the latest security patches and features for the software.
In fact, most of the time, you don’t even have to install the update yourself. This is because the Microsoft Teams desktop app updates automatically (so you don’t have to). “If you want, you can still check for available updates by clicking your profile picture at the top of the app and then selecting Check for Updates,” says Microsoft. Meanwhile, the web app is always up to date when you log in – so you don’t have to click anything there either.
If you’re using a smartphone or tablet, you’ll need to update Microsoft Teams by checking for new versions in the iOS App Store or Google Play Store.