Microsoft Teams and other Windows tools are hacked

Hackers are using advanced social engineering techniques to try to get old, faulty .DLL files onto people’s computers, which in turn will allow them to download malware.
A new report from cybersecurity researchers Trend Micro claims that the new attack starts with Microsoft Teams, where crooks use impersonation to get close to victims and trick them into providing a specific set of credentials. Using Quick Assist or similar remote desktop tools, they gain access to devices on which they download faulty .DLL files using OneDriveStandaloneUpdater.exe, a legitimate update tool for OneDrive.
These .DLL files then allow them to download BackConnect, a type of remote access tool (RAT) that establishes a reverse connection from the infected device to the attacker’s server, bypassing firewall restrictions. This allows attackers to maintain continuous access, execute commands, and retrieve data while bypassing traditional security measures.
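To show what this chain looks like from the defender's side, here is an added detection example written for this page (it is not code from the article or from Trend Micro). It runs two simple rules over constructed Sysmon-style events: an image-load event in which OneDriveStandaloneUpdater.exe loads a DLL from outside its own install tree or the Windows system directories (or loads an unsigned DLL), and an outbound connection from that updater to a destination not on an update allowlist, which is how a reverse connection such as BackConnect's would surface. The trusted directory patterns, the allowlist entry `update.example.invalid`, the DLL file names and the 203.0.113.5 destination are all assumptions or constructed sample values, not indicators from the report.

```python
"""Added example (not the page's or Trend Micro's code): flag DLL side-loading
into OneDriveStandaloneUpdater.exe and unexpected outbound connections from it,
using constructed Sysmon-style image-load and network-connect events."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional
import ntpath

UPDATER = "onedrivestandaloneupdater.exe"

# Assumption: the genuine updater only loads DLLs from the OneDrive install
# tree (per-user or machine-wide) or from the Windows system directories.
TRUSTED_DLL_DIRS = (
    r"c:\users\*\appdata\local\microsoft\onedrive\*",
    r"c:\program files\microsoft onedrive\*",
    r"c:\program files (x86)\microsoft onedrive\*",
    r"c:\windows\system32\*",
    r"c:\windows\syswow64\*",
)

# Assumption: an organisation-maintained allowlist of update endpoints.
# "update.example.invalid" is a constructed placeholder, not a real host.
ALLOWED_DESTS = {"update.example.invalid"}


@dataclass(frozen=True)
class Alert:
    rule: str
    detail: str


def _is_updater(image: str) -> bool:
    """True when the event's process image is the OneDrive standalone updater."""
    return ntpath.basename(image).lower() == UPDATER


def _dll_dir_trusted(dll_path: str) -> bool:
    """True when the DLL path sits under one of the expected directories."""
    path = dll_path.lower()
    return any(fnmatchcase(path, pattern) for pattern in TRUSTED_DLL_DIRS)


def check_event(event: dict) -> Optional[Alert]:
    """Apply the detection rules to one event; return None if nothing fires."""
    if not _is_updater(event.get("image", "")):
        return None  # rules are scoped to the updater process only
    if event["type"] == "image_load":
        dll = event["loaded"]
        if not _dll_dir_trusted(dll):
            return Alert("updater_sideload_untrusted_dir",
                         f"{dll} loaded from outside the OneDrive/system directories")
        if not event.get("signed", False):
            return Alert("updater_sideload_unsigned",
                         f"unsigned DLL {dll} loaded into the updater")
    elif event["type"] == "network_connect":
        dest = event["dest_host"]
        if dest not in ALLOWED_DESTS:
            return Alert("updater_unexpected_outbound",
                         f"connection to {dest}:{event['dest_port']} "
                         "(possible reverse-connect RAT)")
    return None


def analyze(events: list) -> list:
    """Return every alert raised over a list of events, in event order."""
    return [a for a in (check_event(e) for e in events) if a is not None]


# Constructed sample telemetry: one benign and one suspicious event per rule,
# plus an unrelated process to show the rules stay scoped to the updater.
_UPD = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"
SAMPLE_EVENTS = [
    {"type": "image_load", "image": _UPD, "signed": True,
     "loaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\24.1.1\LoggingPlatform.dll"},
    {"type": "image_load", "image": _UPD, "signed": False,
     "loaded": r"C:\Users\alice\Downloads\sideload_sample.dll"},
    {"type": "image_load", "image": _UPD, "signed": False,
     "loaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\unsigned_sample.dll"},
    {"type": "network_connect", "image": _UPD,
     "dest_host": "update.example.invalid", "dest_port": 443},
    {"type": "network_connect", "image": _UPD,
     "dest_host": "203.0.113.5", "dest_port": 443},
    {"type": "image_load", "image": r"C:\Windows\explorer.exe", "signed": False,
     "loaded": r"C:\Users\alice\Downloads\sideload_sample.dll"},
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.detail}")
```

The three alerts the sample produces (untrusted directory, unsigned DLL, unexpected outbound connection) are the signals worth forwarding from an EDR or Sysmon pipeline; the untrusted-directory rule fires before the signature check so that a DLL dropped in a user-writable folder is reported for its location even when its signature state is unknown.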
Trend Micro said the attacks began in October 2024 and were primarily focused on North America, where 21 breaches were reported — 17 in the U.S., five in Canada and the U.K. and 18 in Europe. Researchers did not say whether the attacks were successful or which industries were targeted the most.
Since most of the tools used in this campaign are legitimate (Teams, OneDriveStandaloneUpdater, Quick Assist), traditional antivirus or malware defense services won’t be enough. Instead, companies should train their employees to identify and report social engineering attacks in a timely manner. Companies can also enforce the use of multi-factor authentication (MFA) and restrict access to remote desktop tools.