A new phishing campaign exploiting Microsoft Teams has come to light, aiming to compromise employees by delivering backdoor malware. Attackers are leveraging the popularity of Teams by sending malicious messages that appear legitimate, enticing users to click on links or download files sent through the platform. Once a user interacts with one of these payloads, it installs backdoor malware, giving threat actors persistent access to victims’ systems.
The campaign carefully mimics internal corporate communications, increasing the likelihood of successful infection. Security researchers note that the attackers exploit the trust users place in Teams messages, bypassing some traditional email phishing defences. After infection, adversaries can move laterally within the network, exfiltrate sensitive data, or deploy additional malicious tools.
Organisations are urged to increase vigilance around Microsoft Teams communications, implement multifactor authentication, and educate employees about recognising suspicious links or files. Enhanced monitoring for unusual Teams traffic and rapid incident response to potential intrusions can help mitigate the risks from this evolving threat.