Hackers are sending malware through seemingly innocent Microsoft Teams messages

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called “DarkGate Loader” has been uncovered that targets Microsoft Teams. It can be identified by a message containing a link that reads “changes to the vacation schedule.” Clicking the link and opening the corresponding .ZIP file can leave you vulnerable to the malware attached to it.


The research team Truesec has been observing DarkGate Loader since late August and notes that the hackers use an intricate downloading process that makes the file difficult to identify as malicious.


Hackers used compromised Office 365 accounts to send the malware-laden message with the “changes to the vacation schedule” link through Microsoft Teams. Truesec identified the accounts that were taken over to send the DarkGate Loader malware. These include “Akkaravit Tattamanas” ([email protected]) and “ABNER DAVID RIVERA ROJAS” ([email protected]).

The malware comprises an infected VBScript hidden within an LNK file (a Windows shortcut). The research team notes that the attack is crafty because the download is served from a SharePoint URL, which makes it hard for users to realize the file is malicious. The use of a precompiled Windows cURL script also makes the code harder to identify, because the malicious code is hidden in the middle of the file.

The script checks whether the user has Sophos antivirus installed. If not, the malware injects additional code using a technique called “stacked strings,” which unpacks shellcode that builds a DarkGate executable and loads it into system memory, the team added.
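The lure described above arrives as a .ZIP containing a shortcut that launches a script, so a defender can triage such attachments before anyone clicks. The following is an added example (not Truesec's tooling or code from the article): it parses the StringData of each .lnk inside a ZIP per the MS-SHLLINK layout and flags shortcuts whose target or arguments reference a script host or cURL; the indicator list and the sample ZIP are constructed for illustration.

```python
import io
import struct
import zipfile

LNK_SIGNATURE = 0x0000004C  # HeaderSize field of every Shell Link
# Constructed indicator list: interpreters and tools a shortcut has no business launching from a ZIP.
SUSPICIOUS = ("wscript", "cscript", "curl", "powershell", "cmd", "mshta", ".vbs")

def parse_lnk_strings(data):
    """Return the StringData fields (name, relative_path, arguments, ...) of a Shell Link."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != LNK_SIGNATURE:
        return None
    flags = struct.unpack_from("<I", data, 0x14)[0]  # LinkFlags
    pos = 76
    if flags & 0x01:  # HasLinkTargetIDList: 2-byte size + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo: self-sized structure
        pos += struct.unpack_from("<I", data, pos)[0]
    is_unicode = bool(flags & 0x80)
    fields = {}
    for bit, name in ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                      (0x20, "arguments"), (0x40, "icon_location")):
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            size = count * 2 if is_unicode else count
            fields[name] = data[pos:pos + size].decode("utf-16-le" if is_unicode else "cp1252", "replace")
            pos += size
    return fields

def triage_zip(zip_bytes):
    """List (filename, matched indicators, command line) for suspicious .lnk entries in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            fields = parse_lnk_strings(zf.read(info)) or {}
            cmdline = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
            hits = [s for s in SUSPICIOUS if s in cmdline]
            if hits:
                findings.append((info.filename, hits, cmdline))
    return findings

def build_sample_lnk(relative_path, arguments):
    """Constructed test artefact: minimal Unicode .lnk carrying only RelativePath and Arguments."""
    flags = 0x08 | 0x20 | 0x80  # HasRelativePath | HasArguments | IsUnicode
    header = struct.pack("<I16sI", 76, b"\x01\x14\x02\x00" + b"\x00" * 4 + b"\xc0" + b"\x00" * 6 + b"\x46", flags)
    encode = lambda text: struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header.ljust(76, b"\x00") + encode(relative_path) + encode(arguments)

def build_sample_zip():
    """Constructed lure archive: a double-extension shortcut beside a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Changes to the vacation schedule.pdf.lnk",
                    build_sample_lnk(r"..\Windows\System32\cmd.exe", "/c wscript.exe vacation_schedule.vbs"))
        zf.writestr("readme.txt", b"harmless")
    return buf.getvalue()
```

Real-world shortcuts often carry an IDList and LinkInfo before the strings, which the parser skips by their declared sizes; anything after StringData (ExtraData) is ignored because it is not needed for this check.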

DarkGate Loader isn’t the only phishing scam that has been plaguing Microsoft Teams this summer. A group of Russian hackers called Midnight Blizzard used a social engineering exploit to attack approximately 40 organizations in August. The hackers used Microsoft 365 accounts owned by small businesses that had already been compromised and pretended to be technical support in order to carry out the attacks. Microsoft has since addressed the issue, according to Windows Central.

Last fall, one common trend was business email compromise (BEC) campaigns: phishing scams in which a malicious actor, posing as a company boss, sends an email that looks like a forwarded email chain, instructing an employee to send money.

Another infamous exploit was the Windows zero-day vulnerability Follina. Researchers discovered it in the spring of last year and determined it allowed hackers access to the Microsoft Support Diagnostic Tool that is commonly associated with Microsoft Office and Microsoft Word.
