The attackers exploit default settings in Teams to send over 1,000 malicious chat invites. Once the attachment is downloaded, the malware connects to a command-and-control server.
A novel way to abuse a decades-old protocol used to send emails since the beginning of the Internet allows attackers to evade Domain-based Message Authentication, Reporting and Conformance (DMARC) and other email protections, putting organizations and individuals at risk for targeted phishing attacks that appear to come from legitimate sources. Using a technique called “SMTP […]