top of page

DarkGate - Malware delivered via Microsoft Teams malspam campaign

Affects:

1200px-Microsoft_365_logo.png

Severity:

HIGH

Productivity Impact:

MEDIUM

Fix Estimate:

1-2 minutes

Automatically protected by:

PREMIUM-logo-label-m.png

Sign up for our BETA

Research:

https://www.malwarebytes.com/blog/news/2023/09/microsoft-teams-used-to-deliver-darkgate-loader-malware

Summary:

Adversaries are utilizing Microsoft Teams as a delivery channel for malware. This attack leverages deceptive Microsoft Teams chat messages sent from compromised Office 365 accounts to encourage victims to download malicious files, effectively bypassing existing security measures.

Remediation details

Restrict Microsoft Teams chat requests to specific external domains. Navigate to https://admin.teams.microsoft.com/dashboard

  1. Click on Users > External Access and change settings accordingly


Note. This will affect any existing external access granted so be sure to review the changes with your users to negate business impact



bottom of page