logo

Hackers Use Microsoft Teams-Themed Lures to Deploy Legitimate Remote Access Software

ID: 196cc022-fd31-5d7b-983b-4bc6e0bf0ed4

STIX ID: report--196cc022-fd31-5d7b-983b-4bc6e0bf0ed4

Feed Name: GBHackers

Threat Score
78/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Mayura Kathir

...
...

An active phishing campaign impersonating Microsoft Teams lures recipients to download seemingly legitimate transcript/recording viewers that silently install a legitimately signed, preconfigured remote access tool (RAT). The malware employs multiple persistence mechanisms (Windows service, SafeBoot registry entries, credential provider/LSA integration, COM inproc server hijacking), sandbox and time-evasion checks, and credential-harvesting capability; attackers host templated landing pages on compromised small-business domains and cloud-hosted platforms, enabling scalable, localized, and resilient delivery.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.