Microsoft Teams, the popular collaboration platform, has been targeted by a phishing campaign that leverages a malicious document to deliver the DarkGate malware. The attack was discovered by security researchers from ESET, who analyzed a sample of the document that was sent to a victim’s email address.

The document, which claims to be a “Microsoft Teams update”, contains a malicious macro that downloads and executes the DarkGate malware when the document is opened. The malware then connects to a remote server controlled by the attackers and performs various malicious actions, such as stealing credentials, encrypting files, and downloading additional payloads.

The attack is part of a larger campaign that targets Microsoft users with phishing emails that contain malicious documents or links. The attackers use social engineering techniques to trick users into opening the documents or clicking on the links, which then lead them to fake websites that mimic legitimate Microsoft services.

The phishing campaign uses various domains and email addresses to evade detection and attribution. Some of the domains used in this campaign are:

The email addresses used in this campaign are:

The researchers from ESET have shared their findings with Microsoft and other security vendors, who have issued alerts and recommendations to protect users from this attack. They have also provided some tips on how to spot and avoid phishing emails in general.

Some of the tips are:

Microsoft has also issued an advisory on how to protect users from phishing attacks using its own services. The advisory provides some steps that users can take to secure their accounts and devices, such as:

Microsoft has also advised users to scan their devices for any malware infections using its own tools or third-party antivirus software. Users who suspect that they have been infected by DarkGate malware should disconnect their devices from any networks and contact Microsoft support for assistance.