Last week, we wrote about a new Teams malware variant making the rounds. As we wrote, the vulnerability essentially allows hackers to bypass all security measures and deliver the harmful payload directly into the user's inbox as a SharePoint file. The scary part is, all it takes is a simple click from the user.

Now, researchers are seeing this in the wild and spreading. A new tool, called "TeamsPhisher" uses the technique we reported on previously. 

According to Dark Reading, TeamsPhisher first finds a target Teams user, verifying that they can receive external messages. After doing so, TeamsPhisher starts a thread with the target, with a message and a link to a SharePoint attachment. 

Here's what it looks like in action:

alt text

And then here's the file:

alt text


As a reminder, with HEC, if the user has Teams protection in place, we'll sandbox any file and remove it if malware is found. 

In today's ever-evolving landscape, safeguarding collaboration applications like Teams is of utmost importance. According to Forrester's latest Wave report, it is crucial to extend the same level of protection that is typically associated with email inboxes to these environments. However, when it comes to comprehensive defense against such attacks, there is only one solution that delivers the robust safeguards needed - Harmony Email & Collaboration.

Simply observing and taking note of suspicious activity for future analysis falls short in adequately thwarting these kinds of attacks.

They need to be blocked. With HEC, for chat applications, every file is scanned in a sandbox for malicious content and quarantined as necessary. Links within files and messages are scanned and quarantined.  and the sender is notified For file-sharing apps, we scan all uploaded files for malicious content and block malicious links within files. 

The frequency and impact of attacks like this are bound to escalate.

Taking a proactive and preventative approach to security is essential in today's rapidly evolving landscape.