During the last year, several variants of malware recovery and remote execution were discovered from Microsoft Teams. They all start from the possibility of updating the client from
a remote URL. To fix this, Microsoft released a patch that only allows local networks to access and update the Teams package. Based on this restriction, the attackers are taking advantage of Teams as a LoLBin, by placing the malicious file on the network and
accessing the load from the victim's computer.
Learn more >