Published On: Wed, Oct 1st, 2025

Microsoft Teams users placed on red alert – ignoring new warning will be costly


If you are a regular user of Microsoft Teams, beware. Cyber security experts are warning of a new attack that is using fake versions of this popular service to fill PCs with worrying malware. The threat has been discovered by the team at Blackpoint SOC who say hackers are using adverts on search engines that entice users into installing fake versions of the Teams meeting application.

What makes things more terrifying is that the link embedded within the ad appears official and resembles a legitimate Teams client. That couldn’t be further from the truth, as it silently deploys a persistent backdoor in the background without user awareness.

Once downloaded and run, the fake installer adds the scary Broomstick malware to the victim’s laptop. It’s a vicious backdoor that can give cyber crooks full access to devices and even let them install software without the owner’s permission.

Explaining more, Blackpoint said: “Execution of the fake installer results in the deployment of the Oyster backdoor, also known as Broomstick. Oyster is a modular, multistage backdoor that provides persistent remote access, establishes Command and Control (C2) communications, collects host information, and enables the delivery of follow-on payloads. By hiding behind a widely used collaboration platform, Oyster is well positioned to evade casual detection and blend into the noise of normal enterprise activity.”

It’s now vital that all Windows users take care before installing any versions of Teams. If an update is needed or a download is taking place for the first time, then always head to the official website to get the application.

Another tip is to be careful when searching for Teams as this is where the cyber crooks are cashing in by showing fake adverts and downloads that appear real.

You can find out more about Teams here.

“This activity highlights the continued abuse of SEO poisoning and malicious advertisements to deliver commodity backdoors under the guise of trusted software,” Blackpoint added.

“Threat actors are exploiting user trust in search results and well-known brands to gain initial access. To reduce exposure, users are encouraged to download collaboration tools only from verified Microsoft domains and avoid reliance on search engine advertisements for critical software.”
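For readers who manage downloads for others, the "verified domains" advice can be enforced as a host check before an installer is fetched. The Python below is an added example, not code from this article or from Blackpoint; the allowlist entry `microsoft.com`, the function names and the sample URLs are assumptions made for illustration, and the lookalike hosts use the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumption: allowlist chosen for this example. Replace it with the
# domains your organisation has verified for software downloads.
TRUSTED_DOMAINS = ("microsoft.com",)


def is_trusted_download(url, trusted=TRUSTED_DOMAINS):
    """True only for an HTTPS URL whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:
        return False  # malformed URL
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Reject non-ASCII and punycode labels, which can hide homoglyph lookalikes.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False
    # Match on a label boundary so "teamsmicrosoft.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)


def rejected(urls):
    """Return the URLs that fail the host check, in their original order."""
    return [u for u in urls if not is_trusted_download(u)]


# Constructed sample URLs for illustration (not indicators from the report).
SAMPLES = [
    "https://www.microsoft.com/en-us/microsoft-teams/download-app",
    "https://microsoft.com@teams-install.example/MSTeamsSetup.exe",  # userinfo trick
    "https://www.microsoft.com.teams-install.example/download",      # trusted name as a subdomain
    "https://teamsmicrosoft.com/MSTeamsSetup.exe",                   # no label boundary
    "http://www.microsoft.com/MSTeamsSetup.exe",                     # not HTTPS
    "https://www.micr\u043esoft.com/teams",                          # Cyrillic 'o' homoglyph
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("ALLOW" if is_trusted_download(url) else "BLOCK", url)
```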


