Threat actors have leveraged Microsoft Teams and other tools to facilitate a malware-spreading voice phishing scam, according to Hackread.Attacks commenced with the delivery of a malicious Microsoft Teams message alongside a vishing call luring targets into executing a payload-downloading PowerShell command, with Quick Assist later leveraged to facilitate remote access, an analysis from Ontinue's Cyber Defense Centre showed. Infiltration of the targeted device is then followed by the distribution of a signed executable that sideloaded the nefarious TV.dll file and dropped the JavaScript-based index.js backdoor. While more findings are still needed to conclusively associate the intrusions with a specific actor, the techniques used in the campaign overlap with the Storm-1811 operation, reported Ontinue researchers. Such an attack should prompt increased vigilance among network defenders, said Sectigo senior fellow Jason Soroko. "Defenders should watch for PowerShell commands in Teams messages, unexpected use of Quick Assist, and signed binaries like TeamViewer.exe running from unusual paths. Signs of DLL sideloading, such as TV.dll loading unexpectedly, are also red flags," Soroko noted.
Coverage from Tech Radar indicates that a sophisticated phishing-as-a-service platform, known as Kali365, Octopi365, and Freedom365, is actively targeting Microsoft accounts.
Check Point Research reported that in May 2026, the hospitality, travel, and recreation sector faced an average of 2,291 weekly cyberattacks per organization, a 24% increase from the previous month and more than double the volume seen in May 2023.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
