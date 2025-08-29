Malware

Microsoft Teams exploited for malware distribution

Threat actors have been exploiting Microsoft Teams to facilitate malware delivery as part of new phishing attack campaigns, according to Infosecurity Magazine. Malicious Teams accounts spoofing IT support staff have been leveraged to communicate with targeted employees, who are then lured to download AnyDesk, QuickAssist, and other remote access tools, a report from Permiso revealed. Attackers then used the programs to hijack systems, deploy credential-stealing malware like DarkGate and Matanbuchus, and ensure long-term persistence, said researchers, who have linked the activity to the EncryptHub threat operation, also known as Water Gamayun and LARVA-208. "The reuse of static cryptographic constants across campaigns is a notable operational weakness, one that enables defenders to pivot in malware repositories and track this group's tooling over time," added researchers. Such findings should prompt organizations' security teams to be more vigilant of atypical activity in Microsoft Teams that could be part of social engineering schemes.

