Current Emotet Trojan Campaigns and Microsoft Teams Phishing Scam

The Emotet Trojan is being distributed in a recent campaign that uses bogus Microsoft Word upgrade notices as bait to get end users to install the malware. Emotet is currently the most commonly spread malware. When a user’s device is infected, it is added to a botnet that is used to infect other systems. Emotet is also a malware downloader and is used to install data stealers such as QBot and TrickBot, which are in turn used to deliver ransomware variants such as ProLock, Conti and Ryuk.

The messages appear to be Microsoft Office announcements telling the user that Microsoft Word has to be upgraded to add new capabilities. The messages include a Microsoft Word file attachment, and the end user is told to click “Enable Editing” and “Enable Content.” Doing so runs a malicious macro that triggers the download of Emotet onto the user’s system.

End users should be cautious and avoid clicking hyperlinks or opening file attachments in unsolicited messages. Emotet hijacks the end user’s email account to send more phishing messages, including to people in the individual’s contact list.

Microsoft Teams Phishing Scam Targets Office 365 Users

Researchers from Abnormal Security discovered a new Office 365 phishing campaign that spoofs Microsoft Teams to trick users into visiting a malicious site with a phishing form that collects Office 365 login credentials.

Many companies have adopted Microsoft Teams so that remote personnel can stay in contact with the company. In healthcare, the platform is being used to provide telehealth services, reducing the number of patients traveling to healthcare facilities in order to limit the spread of COVID-19.

Microsoft reported for the quarter ending June 30, 2020 that over 150 million students and educators are now using Microsoft Teams. More than 1,800 different organizations have over 10,000 Teams users, and 69 organizations have around 100,000 Teams users. The healthcare sector also has a growing Teams user base, with 46 million Teams events currently being performed for telehealth purposes. The growing usage is driven by the pandemic, which offers an opportunity for cyber attackers.

According to statistics from Abnormal Security, the most recent campaign has sent the fake Microsoft Teams emails to approximately 50,000 Office 365 users so far. The messages appear to come from a sender with the display name “There’s new activity in Teams,” so they look like automated notifications from Teams.

The messages tell users to log in to Teams because the group is trying to have a conversation. The emails contain a link to open Teams, shown with the text “Reply in Teams.” The messages also include an authentic-looking footer with the Microsoft logo and options to install Microsoft Teams on iOS and Android.

The hyperlinks in the email take the user to a Microsoft login page that is a copy of the official sign-in prompt, apart from the domain on which the page is hosted. That domain uses “microsftteams” to make it look legitimate.
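
To illustrate how a mail filter could catch the two tells described above (the Teams-style display name on a non-Microsoft sender and the “microsftteams” lookalike domain), here is an added detection example that is not from Abnormal Security or the original article. The allowlist, brand list, function names and the sample message with its .example hosts are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumption: domains this organisation accepts as genuine Microsoft hosts.
TRUSTED = ("microsoft.com", "microsoftonline.com", "office.com")
BRANDS = ("microsoft", "microsoftteams", "office365")

def edit_distance(a, b):
    # Levenshtein distance with a two-row table.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def imitated_brand(host):
    # Brand name that an untrusted host embeds or nearly spells, else None.
    if is_trusted(host):
        return None
    for label in re.split(r"[.-]", host.lower()):
        for brand in BRANDS:
            if brand in label or edit_distance(label, brand) <= 2:
                return brand
    return None

def scan(raw):
    # Flag a Teams-style display name on an untrusted sender, and lookalike links.
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    if "teams" in name.lower() and not is_trusted(sender_host):
        findings.append(("display-name", name, sender_host))
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if brand := imitated_brand(host):
            findings.append(("lookalike-link", host, brand))
    return findings

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = ('From: "There\'s new activity in Teams" <notify@mailer.example>\n\n'
          "Reply in Teams: https://microsftteams.example/login\n"
          "Help: https://support.microsoft.com/teams\n")
```

Calling scan(SAMPLE) reports the display-name mismatch and the lookalike link, while the genuine support.microsoft.com link passes because its host is on the allowlist.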

This campaign is just one of several targeting Office 365 credentials. There are also numerous campaigns targeting video conferencing platforms as their usage grows during the COVID crisis.