Article • Published 11/19/2020 Fake MS Teams Ads Lure Remote Employees to Download Malware

The latest tactic from ransomware operators is fake advertising for Microsoft Teams updates that distribute a malicious download. Microsoft Teams is a communication/conferencing program by Microsoft that has become more popular with the rise of remote work and school. These ads are particularly targeting certain sectors, such as healthcare and education, which rely heavily on video conferencing for virtual doctor visits and remote classes due to the pandemic.

When a user searches for Microsoft Teams, the fake advertisements offer an update to Teams and redirect the user to a website controlled by cybercriminals with an executable (.exe) to download. In an interesting twist, the download actially will install Teams, along with the malicious payload, in order to avoid suspicion. Microsoft found that many different malicious programs are involved in this clever scam. Some of the malware steals passwords, payment information, and other sensitive data, while other downloads allow remote access to the device and lateral movement to other devices in the same network. This access allows the bad actors to exfiltrate data and then deploy their file-encrypting ransomware. 

Related Article: Is It Illegal to Pay Ransomware?

While the consequences of falling victim to this scheme could have long-term impacts on your organization, there are some basic steps that can help mitigate the risk. On the IT side, make sure that all systems are up to date with patches and endpoint security software.

Remember that employee education is a key component to protecting your data and networks. A remote/on-site hybrid workforce can create data in multiple locations, multiple services, and multiple devices. Keeping everyone in your organization on the same page is critical.

In this case, employees must consider whether the URL they are about to click is an official Microsoft site, and then look for other red flags. Microsoft does not distribute software updates via advertisements. Efforts such as the fake Microsoft Teams update prey on anxious and overwhelmed individuals, particularly when "normal" operations have changed rapidly. If you have not yet implemented security awareness training and testing, you should get your team up to speed as soon as possible. 

We Can Help

P&N’s Technology Services team can help you implement the right technology infrastructure and employee training to support your current operations and plan for future disruption. Contact us to discuss your organization’s needs and learn more about navigating cybersecurity risks in a post-pandemic world.