New Microsoft Teams Vishing Attack Exploits Quick Assist to Deploy Stealthy Malware

A global, highly coordinated Microsoft Teams vishing campaign targets corporate employees (notably in the legal sector) by flooding inboxes and impersonating IT to get users to run Quick Assist and download a Java-based backdoor (Nimbus RAT); actors use Google Drive/Sheets for C2 and deploy a secondary OneDrive-based data-theft tool (InboxSetupPro) that exfiltrates messaging databases (e.g., Signal attachments) and large email archives, with researchers observing rapid compromise (under 20 minutes) and telemetry showing 1,540 similar events across 172 environments — activity linked to ransomware-affiliated criminal groups.