Microsoft Teams and AnyDesk are being misused to deploy dangerous malware, so be wary
- Criminals contact victims and offer help with a ‘problem’
- To solve the problem, they request access to AnyDesk
- If they get hold of it, they will drop the DarkGate malware and steal sensitive data
Cybercriminals are combining Microsoft Teams and AnyDesk to try to install a dangerous piece of malware on their target’s devices, experts warn.
A report from Trend Micro, which claims to have recently observed such an attack in the wild, notes that the attackers first sent thousands of spam emails to their targets and then contacted them via Microsoft Teams, posing as a employee of an external supplier.
The attackers provided assistance with the problem and instructed the victim to install a Microsoft Remote Support application. If that didn’t work, they would try the same with AnyDesk. If successful, the attackers would use the access to deliver multiple payloads, including a piece of malware called DarkGate.
DarkGate is a highly versatile malware that can act as a backdoor on infected systems, allowing attackers to execute commands remotely. It can install additional payloads and exfiltrate sensitive data without being noticed. High-value data includes login credentials, personally identifiable information, or data about customers, clients, and business partners.
One of its notable features is its modular design, which allows attackers to modify the malware’s functionality. So in one scenario it can act as an info stealer, and in another as a dropper.
The attack was blocked before any significant damage was done, but the researchers used it as an opportunity to warn companies about the constant threat lurking on the Internet.
Organizations should train their employees to recognize phishing and social engineering attacks, use multi-factor authentication (MFA) where possible and place as much of their infrastructure behind a VPN as possible. In addition, they must keep both software and hardware up to date and take into account the end of life of critical equipment.
Ultimately, they should use common sense and not fall for the obvious scams that are rampant on the internet.
Via The hacker news