Hackers Use Microsoft Teams-Themed Lures to Deploy Legitimate Remote Access Software
ID: 196cc022-fd31-5d7b-983b-4bc6e0bf0ed4
STIX ID: report--196cc022-fd31-5d7b-983b-4bc6e0bf0ed4
Feed Name: GBHackers
An active phishing campaign impersonating Microsoft Teams lures recipients to download seemingly legitimate transcript/recording viewers that silently install a legitimately signed, preconfigured remote access tool (RAT). The malware employs multiple persistence mechanisms (Windows service, SafeBoot registry entries, credential provider/LSA integration, COM inproc server hijacking), sandbox and time-evasion checks, and credential-harvesting capability; attackers host templated landing pages on compromised small-business domains and cloud-hosted platforms, enabling scalable, localized, and resilient delivery.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
