Shocking Cyberattack: Microsoft Teams Exploited in Vishing Scam to Drop Stealthy Malware

A new cyberattack method is making waves, showing how hackers use simple tricks to break into computer systems. The attacker initiated the attack with a fake Microsoft Teams message and a phone call, then installed malware on the victim’s system. The attackers misused a trusted remote access tool, TeamViewer, to stay hidden and maintain control over the infected system.

A Simple Call That Opened the Door to a Cyberattack

A security team recently investigated an incident where an attacker sent a fake message on Microsoft Teams, followed by a phone call. The caller convinced the victim to run a PowerShell command—a small piece of code that helps control a computer. This was the first step in the attack.

After the command was executed, a hidden payload was downloaded. This allowed the attackers to take over the victim’s computer. To maintain access, they used Quick Assist, a built-in Windows tool for remote support. Since Quick Assist is a trusted program, the attack did not raise any alarms at first.

Using Trusted Tools to Stay Undetected

Once inside the system, the attacker placed a signed version of TeamViewer.exe in a hidden folder. TeamViewer is a widely used remote desktop tool that allows people to access computers from different locations. However, the attacker used a sneaky trick known as DLL sideloading.

DLL sideloading happens when a legitimate program is made to load a malicious DLL instead of the library it normally uses. In this case, the attackers placed a harmful DLL file (TV.dll) alongside TeamViewer.exe. Because the malicious code ran inside a signed, familiar program, it blended in with normal activity and was much harder to detect.
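One way a defender could hunt for the sideloading pattern described above, as an added example that is not part of the original article: it scans image-load records for a DLL without a valid signature that is loaded from the executable's own folder when that folder is outside the usual install locations. The records are constructed sample data using Sysmon image-load (Event ID 7) field names; the trusted-folder list and all paths other than the file names TeamViewer.exe and TV.dll are assumptions.

```python
import ntpath

# Assumption: folders where installed, admin-managed software normally lives.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed sample records using Sysmon image-load (Event ID 7) field names.
EVENTS = [
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Program Files\TeamViewer\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\.cache\TeamViewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\.cache\TV.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\.cache\TeamViewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\bob\AppData\Local\PortableApp\app.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\PortableApp\app_core.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def folder(path):
    """Lower-cased parent folder with a trailing backslash, for comparison."""
    return ntpath.normcase(ntpath.dirname(path)) + "\\"

def validly_signed(event):
    """True only when the loaded DLL carries a signature that verified."""
    return (event.get("Signed", "").lower() == "true"
            and event.get("SignatureStatus") == "Valid")

def sideload_suspects(events):
    """Return (executable, dll) pairs where a DLL without a valid signature is
    loaded from the executable's own folder and that folder is not a trusted
    install location. The executable's own signature is deliberately ignored:
    in the article it was a genuine signed TeamViewer.exe."""
    hits = []
    for ev in events:
        exe_dir, dll_dir = folder(ev["Image"]), folder(ev["ImageLoaded"])
        if (exe_dir == dll_dir and not exe_dir.startswith(TRUSTED_ROOTS)
                and not validly_signed(ev)):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits

if __name__ == "__main__":
    for exe, dll in sideload_suspects(EVENTS):
        print(f"review: {exe} loaded {dll}")
```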

The attacker didn’t stop there. To make sure the malware remained active, they created a shortcut file in the system’s startup folder. This meant that even if the computer was restarted, the malware would run automatically.

To move files quietly and keep access, they used a Windows feature called Background Intelligent Transfer Service (BITS). This tool normally downloads updates and syncs files. But attackers can use it as a weapon. With this method, they controlled the infected system for up to 90 days without drawing attention.

In the second stage of the attack, the hacker used a JavaScript backdoor called “index.js.” They ran it with Node.js, a tool that lets JavaScript work outside a web browser. Once active, the backdoor created a hidden connection. This gave the attacker full control over the system.
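Each tool in this chain (Quick Assist, a Startup-folder shortcut, BITS, Node.js) is legitimate on its own, so a single sighting says little; the added example below, which is not from the original article, counts how many of these behaviours appear on the same host and surfaces hosts that show several. The records, host names, file names such as TVUpdate.lnk, the regex patterns and the threshold of three are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# One pattern per behaviour named in the article (patterns are assumptions).
RULES = {
    "quick_assist": re.compile(r"\\quickassist\.exe", re.I),
    "startup_shortcut": re.compile(
        r"\\start menu\\programs\\startup\\[^\\]+\.lnk$", re.I),
    "bits_transfer": re.compile(
        r"\bbitsadmin\b.*/transfer\b|\bStart-BitsTransfer\b", re.I),
    # node.exe started from inside a user profile with a .js argument
    "node_script": re.compile(
        r'\\users\\[^\\]+\\(.*\\)?node\.exe"?\s+\S*\.js\b', re.I),
}

# Constructed sample telemetry: process command lines and created file paths.
RECORDS = [
    {"host": "WS-014", "text": r"C:\Windows\System32\quickassist.exe"},
    {"host": "WS-014", "text": r"C:\Users\alice\AppData\Roaming\Microsoft"
                               r"\Windows\Start Menu\Programs\Startup\TVUpdate.lnk"},
    {"host": "WS-014", "text": r"bitsadmin /transfer job1 https://example.invalid/a.bin"
                               r" C:\Users\alice\AppData\Local\Temp\a.bin"},
    {"host": "WS-014", "text": r'"C:\Users\alice\AppData\Local\Temp\n\node.exe" index.js'},
    {"host": "WS-022", "text": r"C:\Windows\System32\quickassist.exe"},  # help desk session
    {"host": "WS-031", "text": r'"C:\Program Files\nodejs\node.exe" server.js'},  # developer
]

def behaviours_by_host(records):
    """Map each host to the set of rule names that matched any of its records."""
    seen = defaultdict(set)
    for rec in records:
        for name, pattern in RULES.items():
            if pattern.search(rec["text"]):
                seen[rec["host"]].add(name)
    return seen

def hosts_to_triage(records, threshold=3):
    """Hosts showing at least `threshold` distinct behaviours from the chain."""
    found = behaviours_by_host(records)
    return sorted(h for h, names in found.items() if len(names) >= threshold)

if __name__ == "__main__":
    for host in hosts_to_triage(RECORDS):
        print(host, sorted(behaviours_by_host(RECORDS)[host]))
```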

Security experts say this attack looks like those from the hacker group Storm-1811. The attackers used Quick Assist for remote access. They also used DLL sideloading and Microsoft Teams to break in. Cybersecurity firms like Microsoft and Sophos have seen similar attacks before.

Social Engineering: The Real Threat

The core of this attack was social engineering, which means tricking people into taking actions that compromise their security. The hackers relied on human trust rather than complex coding tricks.

The initial vishing call (voice phishing) played a crucial role. The attacker pretended to be from a trusted source and convinced the victim to run a command that led to full system compromise.

Cybersecurity experts have observed a massive 1633% increase in vishing attacks in early 2025. This attack confirms that such threats are not just numbers but real dangers affecting individuals and organizations alike.

One security professional explained that the attacker’s strategy was effective because it used a signed and trusted application to slip past defenses. By sideloading a malicious DLL into a normal-looking process, they were able to turn a standard remote support tool into an undetectable backdoor.

This attack is a clear example of how hackers don’t always need complex viruses or software vulnerabilities to break into systems. When people trust unfamiliar messages and calls, attackers can use everyday tools to launch devastating cyberattacks.
