Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard
Share:
Crooks are tricking victims into granting them access via AnyDesk. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Cybercriminals are combining Microsoft Teams and AnyDesk to try and install a dangerous piece of malware on their target’s devices, experts have warned.
![[Hook on Keyboard]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
A report from Trend Micro, which claims to have recently observed one such attack in the wild, notes how the attackers would first send thousands of spam emails to their targets, and then reach out via Microsoft Teams, impersonating an employee of an external supplier.
Offering help with the problem, the attackers would instruct the victim to install a Microsoft Remote Support application. If that failed, they would try the same with AnyDesk. If successful, the attackers would use the access to deliver multiple payloads, including a piece of malware called DarkGate.
DarkGate is a highly versatile malware that can act as a backdoor on infected systems, allowing attackers to execute commands remotely. It can install additional payloads, and exfiltrate sensitive data without being detected. Data of high value includes login credentials, personally identifiable information, or data on clients, customers, and business partners.
One of its notable features is its modular design, allowing attackers to modify the malware’s functionality. So, in one scenario it can act as an infostealer, and in another, as a dropper. The attack was blocked before doing any meaningful damage, but the researchers used it as an opportunity to warn businesses of the constant threat that lurks on the internet.
