New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

Cybersecurity company Truesec has found a new attack campaign leveraging Microsoft Teams to spread DarkGate loader malware. The campaign uses compromised Teams accounts to send tailored content, encouraging users to open a linked malicious file. Once opened, the file executes a command prompting the download of DarkGate. The malware searches for known hardware identifiers, sandbox software, antivirus products and performs disk and memory checks, altering its behavior accordingly. Truesec advises deploying multifactor authentication and only allowing Teams chat requests from whitelisted domains to guard against the malware.