Hackers Exploiting Microsoft Teams to Gain Remote Access to User’s System

Hackers leveraged Microsoft Teams to manipulate a victim into granting remote access to their system. The attack, analyzed by Trend Micro, highlights the growing sophistication of social engineering tactics used by cybercriminals.

The attack began with a flood of phishing emails targeting the victim. Shortly after, the attacker initiated a Microsoft Teams call, posing as an employee of a trusted client.

During the call, the attacker instructed the victim to download a remote support application, initially proposing Microsoft Remote Support. When installation from the Microsoft Store failed, the attacker pivoted to AnyDesk, a legitimate remote desktop tool that is frequently abused by cybercriminals precisely because it is signed, widely deployed, and rarely blocked by default.

Once AnyDesk was installed and the victim approved the session, the attacker gained control over the victim's machine. They deployed multiple suspicious files, including one that Trend Micro detects as Trojan.AutoIt.DARKGATE.D.

This malware was delivered as an AutoIt script, which gave the attacker remote control of the system, executed malicious commands, and connected to a command-and-control (C2) server.

Execution and Malicious Activity

After gaining access through AnyDesk, the attacker executed commands to gather detailed system information and network configuration. Commands such as systeminfo, route print, and ipconfig /all were run to collect data about the system's hardware, software, and network setup. The gathered output was written to a file named 123.txt, most likely for exfiltration and further reconnaissance.

The malware also employed defense evasion techniques. For instance, AutoIt scripts were used to identify antivirus software on the system and evade detection. Additionally, malicious files were downloaded and extracted into hidden directories on the compromised machine.
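The reconnaissance and defence-evasion steps described above reduce to a process-tree pattern that a SOC can hunt for. The following Python is an added example written for this page, not code from Trend Micro or the article. It scans Sysmon-style process-creation records (field names follow Sysmon Event ID 1: ProcessGuid, ParentProcessGuid, Image, CommandLine) over a constructed sample, flags the recon commands when they descend from a remote-access tool, flags recon output redirected to a file such as 123.txt, and flags an AutoIt interpreter run from a user-writable path with a script argument. The remote-tool list, the AutoIt interpreter names and the user-writable path roots are assumptions to tune for your environment; the sample events are constructed and not from the incident.

```python
import re
from pathlib import PureWindowsPath

# Reconnaissance commands seen in the reported intrusion; extend as needed.
RECON_COMMANDS = ("systeminfo", "route print", "ipconfig /all")
# Remote-access tools treated as a suspicious ancestor for shell activity.
# AnyDesk is the one in the report; the set is an assumption you tune.
REMOTE_ACCESS_TOOLS = {"anydesk.exe"}
# Standard AutoIt interpreter binary names (assumption).
AUTOIT_IMAGES = {"autoit3.exe", "autoit3_x64.exe"}
# User-writable roots where a legitimate AutoIt install is not expected (assumption).
USER_WRITABLE_ROOTS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Captures the target of a ">" or ">>" shell redirection.
REDIRECT_RE = re.compile(r">>?\s*\"?([^\s\"&|]+)")
# AutoIt compiled (.a3x) or source (.au3) script passed as an argument.
AUTOIT_SCRIPT_RE = re.compile(r"\.(a3x|au3)\b")


def _basename(path):
    return PureWindowsPath(path).name.lower()


def build_index(events):
    """Map ProcessGuid -> event so parent chains can be walked."""
    return {e["ProcessGuid"]: e for e in events}


def spawned_by_remote_tool(event, index, max_depth=4):
    """True if any ancestor within max_depth is a remote-access tool.
    The tool normally spawns cmd.exe, which spawns the recon binary,
    so the immediate parent alone is not enough."""
    cur = event
    for _ in range(max_depth):
        parent = index.get(cur.get("ParentProcessGuid"))
        if parent is None:
            return False
        if _basename(parent["Image"]) in REMOTE_ACCESS_TOOLS:
            return True
        cur = parent
    return False


def classify_event(event, index):
    """Return detection labels for one process-creation event."""
    findings = []
    cmd = event.get("CommandLine", "").lower()
    image_path = event.get("Image", "").lower()
    image = _basename(image_path)

    if any(c in cmd for c in RECON_COMMANDS):
        if spawned_by_remote_tool(event, index):
            findings.append("recon-under-remote-access-tool")
        m = REDIRECT_RE.search(cmd)
        if m:
            findings.append("recon-output-redirected:" + m.group(1))

    if image in AUTOIT_IMAGES:
        if any(root in image_path for root in USER_WRITABLE_ROOTS):
            findings.append("autoit-from-user-writable-path")
        if AUTOIT_SCRIPT_RE.search(cmd):
            findings.append("autoit-script-argument")
        if spawned_by_remote_tool(event, index):
            findings.append("autoit-under-remote-access-tool")
    return findings


def scan(events):
    """Return {ProcessGuid: [labels]} for every event with at least one hit."""
    index = build_index(events)
    results = {}
    for e in events:
        labels = classify_event(e, index)
        if labels:
            results[e["ProcessGuid"]] = labels
    return results


# Constructed sample process tree, modelled on the activity described above.
SAMPLE_EVENTS = [
    {"ProcessGuid": "{p1}", "ParentProcessGuid": "{p0}",
     "Image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", "CommandLine": "AnyDesk.exe"},
    {"ProcessGuid": "{p2}", "ParentProcessGuid": "{p1}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"ProcessGuid": "{p3}", "ParentProcessGuid": "{p2}",
     "Image": r"C:\Windows\System32\systeminfo.exe",
     "CommandLine": r"systeminfo > C:\Users\victim\123.txt"},
    {"ProcessGuid": "{p4}", "ParentProcessGuid": "{p2}",
     "Image": r"C:\Windows\System32\ROUTE.EXE",
     "CommandLine": r"route print >> C:\Users\victim\123.txt"},
    {"ProcessGuid": "{p5}", "ParentProcessGuid": "{p2}",
     "Image": r"C:\Windows\System32\ipconfig.exe",
     "CommandLine": r"ipconfig /all >> C:\Users\victim\123.txt"},
    {"ProcessGuid": "{p6}", "ParentProcessGuid": "{p2}",
     "Image": r"C:\Users\victim\AppData\Roaming\hidden\AutoIt3.exe",
     "CommandLine": "AutoIt3.exe script.a3x"},
    # Benign control: an administrator runs ipconfig from an interactive shell.
    {"ProcessGuid": "{p8}", "ParentProcessGuid": "{p7}",
     "Image": r"C:\Windows\System32\ipconfig.exe", "CommandLine": "ipconfig /all"},
]

if __name__ == "__main__":
    for guid, labels in scan(SAMPLE_EVENTS).items():
        print(guid, labels)
```

The recon commands on their own are routine administrator activity, so the detection hinges on the parent chain: the same ipconfig /all from an interactive shell (the last sample event) produces no finding. In production, drive the same logic from Sysmon or EDR telemetry and treat the AnyDesk-to-cmd.exe-to-recon chain, or an AutoIt interpreter in AppData, as an alert worth a human look.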

Source: Cybersecurity News