Fake Microsoft Teams Updates Installs Cobalt Malware on Victims Machine

The threat actors are using the Cobalt Strike to infect companies’ networks with malware. However, this kind of attack generally targets organizations in several industries, but this mainly focuses on the education sector. 

Recently, Microsoft is warning its users regarding malicious fake ads. As the threat actors are using all malicious fake ads for Microsoft Teams updates to affect and hamper the systems of the victims. 

Due to the covid-19 difficult pandemic situation, the educational systems are now depending on videoconferencing solutions, and that is making an easy path for all these threat actors to attack the organization’s network.

Microsoft has stated that these methods are not new, and threat actors have already used this kind of method to exploit the networks. That’s why the cybersecurity researchers affirmed that this kind of trick was used by the DoppelPaymer ransomware operators to target Microsoft users in 2019.

Moreover, this year WastedLocker operators grew some of the techniques by applying a multi-state attack chain and using signed binaries to avoid detection.

Info stealer to Cobalt Strike

Apart from this, Microsft had already given a non-public security advisory to their users as a warning. Recently, this year the attackers exploited the ZeroLogon (CVE-2020-1472) critical vulnerability to obtain admin access to the network. 

This ransomware attack has occurred through theĀ SocGholish JavaScript framework, which was found earlier this year. While dozens of threat actors have hacked newspaper sites that are owned by the same company this year.

The main motive of giving all malicious fake ads is to lure the unsuspecting users into clicking it to install an attainable update by a poisoning search engine that affects through malicious online advertisements.


Microsoft recommends some mitigations to its users; they recommend that the users should use web browsers that can filter and block malicious websites and use strong passwords for local administrators.

Microsoft also recommends blocking executable files that do not match specific criteria like prevalence and age or a regularly maintained trusted list. Moreover, blocking javascript and VBScript code from downloading all kinds of executable content also acts as a defense to an organization’s network system.

The cybersecurity researchers also asserted that it’s essential to make sure that every user is aware of any potential warning signs implemented by the organizations. That’s why Microsoft is doing all possible means to reach out to there every user.

Also Read: Breaking!! Microsoft & Security Firms Take Down the Worlds Most Notorious Trickbot Botnet Malware Operation

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.