Microsoft Teams Used as Initial Access for DARKGATE Malware

Kroll has observed a rise in DARKGATE malware being delivered through Microsoft Teams messages, particularly targeting the transportation and hospitality sectors. The malware is hosted on public SharePoint sites ensuring user downloads for execution. The continued surge in Microsoft Teams-related social engineering since Q2 2023 follows an identified Teams vulnerability reliant on user awareness and organizational configuration changes for mitigation. DARKGATE’s abilities range from cryptocurrency mining, file encryption, to the credential theft of victim endpoints.