- Criminals approach victims and offer to help with a “problem”.
- To solve the problem, they request access to AnyDesk.
- If they succeed, they launch DarkGate malware and steal sensitive data.
Cybercriminals are combining Microsoft Teams and AnyDesk to try to install dangerous malware on their targets’ devices, experts have warned.
A report from Trend Micro, which claims to have recently observed one such attack in the wild, notes how the attackers first sent thousands of spam emails to their targets and then communicated via Microsoft Teams, posing as an employee of an external provider.
While offering help with the problem, the attackers instructed the victim to install a Microsoft remote support application. If that failed, they tried the same with AnyDesk. Once they had access, the attackers used it to deliver multiple payloads, including malware called DarkGate.
DarkGate is a highly versatile malware that can act as a backdoor into infected systems, allowing attackers to execute commands remotely. It can install additional payloads and exfiltrate sensitive data without being detected. High-value data includes login credentials, personally identifiable information, or data about customers, clients, and business partners.
One of its notable features is its modular design, which allows attackers to modify the functionality of the malware. In one scenario it can act as an infostealer and in another as a dropper.
The attack was blocked before causing any significant damage, but researchers used it as an opportunity to warn businesses about the constant threat lurking on the Internet.
Organizations should train their employees to detect phishing and social engineering attacks, implement multi-factor authentication (MFA) whenever possible, and put as much of their infrastructure as possible behind a VPN. In addition, they must keep both software and hardware updated and take into account the end-of-life dates of critical equipment.
Ultimately, they should use common sense and not fall for obvious scam attempts that are rampant on the Internet.
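The chain described above (an email flood, then a Teams message from an external sender, then a remote-access tool starting on the same user's machine) can be expressed as a correlation rule. The following is an added example, not code from Trend Micro or this article; the normalized event schema, the thresholds and the process list are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed thresholds and tool list; tune to your environment.
BURST_COUNT = 20                      # inbound emails that count as a flood
BURST_WINDOW = timedelta(minutes=30)
CHAIN_WINDOW = timedelta(hours=4)     # flood -> Teams -> remote tool must fit here
REMOTE_TOOLS = {"anydesk.exe"}        # add other unsanctioned remote support tools


def find_chains(events):
    """Return (user, tool_start_time) for each remote-tool launch that follows
    an inbound email burst and an external Teams message to the same user."""
    by_user = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(ev["user"], []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        mails = [e["ts"] for e in evs if e["kind"] == "email_inbound"]
        # End time of every run of BURST_COUNT emails inside BURST_WINDOW.
        bursts = [mails[i + BURST_COUNT - 1]
                  for i in range(len(mails) - BURST_COUNT + 1)
                  if mails[i + BURST_COUNT - 1] - mails[i] <= BURST_WINDOW]
        chats = [e["ts"] for e in evs if e["kind"] == "teams_external_msg"]
        for t in (e["ts"] for e in evs if e["kind"] == "remote_tool_start"
                  and e["detail"].lower() in REMOTE_TOOLS):
            # Ordered chain: burst <= chat <= tool start, all within CHAIN_WINDOW.
            if any(b <= c <= t and t - b <= CHAIN_WINDOW
                   for b in bursts for c in chats):
                alerts.append((user, t))
    return alerts


def sample_events():
    """Constructed sample data, not taken from the report."""
    t0 = datetime(2024, 1, 1, 9, 0)
    evs = [{"ts": t0 + timedelta(seconds=30 * i), "user": "alice",
            "kind": "email_inbound", "detail": "spam"} for i in range(40)]
    evs.append({"ts": t0 + timedelta(minutes=35), "user": "alice",
                "kind": "teams_external_msg", "detail": "external tenant"})
    evs.append({"ts": t0 + timedelta(minutes=50), "user": "alice",
                "kind": "remote_tool_start", "detail": "AnyDesk.exe"})
    # Benign: bob starts AnyDesk with no flood and no external chat.
    evs.append({"ts": t0 + timedelta(minutes=10), "user": "bob",
                "kind": "remote_tool_start", "detail": "AnyDesk.exe"})
    return evs

if __name__ == "__main__":
    print(find_chains(sample_events()))
```

Requiring all three stages in order keeps routine AnyDesk use from alerting on its own, at the cost of missing chains where one stage is not logged.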
Via Hacker News