Compromised Skype accounts are allegedly being hacked to spread the DarkGate malware, while Microsoft Teams has also been targeted.

As reported by Trend Micro, multiple Skype business accounts had been compromised and then used as an environment to distribute a VBA loader script attachment. It is unconfirmed how the Skype accounts became compromised, but Trend Micro suggested that it was “either through leaked credentials available through underground forums or the previous compromise of the parent organisation”.

Access to the victim’s Skype account meant the hacker could hijack an existing messaging thread and develop the naming convention of the files to relate to the chat history’s context.

Trend Micro’s report wrote:

In the main case discussed, the Skype application was legitimately used to communicate with third-party suppliers, making it easier to penetrate and/or lure the users in accessing the malicious file. The recipient was just the initial target to gain a foothold in the environment. The goal is still to penetrate the whole environment, and depending on the threat group that bought or leased the DarkGate variant used, the threats can vary from ransomware to crypto mining.”

The hackers changed the script file’s name so victims would recognise it as a PDF rather than a VBS. If a victim were to download and run the script, they would download a second-stage AutoIT payload. This included the malicious DarkGate malware code.

Skype wasn’t the only Microsoft UC and collaboration platform targeted, with Teams also reportedly addressed by the hackers.

The actors attempted to compromise the Teams accounts of organisations whose Teams configurations enabled messages arriving from external users.

What is DarkGate?

DarkGate is a malware-as-a-service (MaaS) or commodity loader first identified in late 2017. Versions of DarkGate have been advertised on the Russian language dark web forum eCrime since May 2023. DarkGate leverages a Windows-specific automation and scripting tool called AutoIt to deliver and execute its functionality.

DarkGate includes a holistic range of features, including the ability to execute discovery commands (such as directory traversal), to introduce remote access software (including remote desktop protocol or RDP and hidden virtual network computing or hVNC), to allow cryptocurrency mining functionality, perform keylogging, steal data from browsers, privilege escalation, and the ability to self-update and self-manage.

Trend Micro also reported that since law enforcement agencies tackled Quakbot this summer, there has been a resurgence in the use of DarkGate.

October’s (Less Alarming) Teams News

The new Microsoft Teams app is now generally available for Windows and Mac, providing users with the best client performance yet.

It now has complete feature parity for nearly all features, such as call queues, PSTN calling, and contextual search in chats and channels. General availability also adds new features and enhancements, including seamless cross-tenant communication and collaboration across multiple tenants and accounts.

In March, Microsoft launched the new Teams app in public preview, and it attracted attention for being twice as fast, with 50 percent less memory usage on Windows than the Teams classic client.

There have also been several notable Teams integrations and certifications

CX solution provider AMC Technology launched an innovative communications product with Microsoft Teams integration, DaVinci for Microsoft Teams.

This product bolsters AMC’s comprehensive portfolio of pre-built applications and is designed to smoothly integrate and personalize experiences for agents and customers. DaVinci for Teams integrates CRM interactions from CCaaS, telephony systems, and internal comms through the Teams platform.

DaVinci for Teams also extends critical customer data access to several business units, such as marketing, finance, customer experience, and overall organizational decision-making.

This week, Crestron’s multi-camera switching offering, Automate XR, received a “first-of-its-kind” certification as a Microsoft Teams Room Device for large and extra-large rooms.

Automate VX provides excellent meeting experiences with production-style cuts that Crestron described as “unparalleled” in the market, elevating Teams meetings to the next level. The announcement illustrated the latest collaboration in Crestron and Microsoft’s 15-year partnership, with both businesses working together to produce optimal meeting experiences.



from UC Today https://ift.tt/Owa1fBy