Threat actors have exploited Microsoft Teams and AnyDesk to deliver DarkGate malware as part of a new social engineering attack campaign, according to The Hacker News. The attackers impersonated a user's client on a Microsoft Teams call and lured targets into downloading AnyDesk after installation of the Microsoft Remote Support app failed, a report from Trend Micro revealed. The threat actors then used the remote access granted through AnyDesk to distribute DarkGate, a credential-stealing malware, and other payloads. Such a development — which comes on the heels of the widespread attack campaign targeting YouTube creators with the Lumma Stealer and other phishing operations exploiting Google Accelerated Mobile Pages, Adobe InDesign, and other trusted platforms — should prompt immediate implementation of multi-factor authentication, approved remote access tool allow lists, and more stringent third-party technical support reviews. "By monitoring key metrics like domain registrations, textual patterns, DNS anomalies, and change request trends, security teams can identify and mitigate threats early," said Palo Alto Networks Unit 42 researchers.
Malware, Phishing, Threat Intelligence
DarkGate malware spread via Microsoft Teams, AnyDesk
