“User-Centric” Malware Targeting Microsoft Teams Users


Malicious actors are using system-hijacking malware called “User-Centric” to infiltrate business networks through Microsoft Teams. Because of the popularity of Microsoft Teams, millions of businesses could be at risk of a data breach.

The attacks were identified by Avanan, a cybersecurity solutions provider serving governments and corporate entities. A recent report identifies that hackers are dropping malware-infested .exe files labeled “User-Centric” in chat threads on Teams. 

Avanan reports the attackers are using Trojan malware in an attached document. When the end-user clicks on the attachment, it installs the malicious file on their computer’s library by running an automated DLL file. The program has the ability to create shortcut links to self-administer and take control of the computer.  

User-centric malware is the latest in an increasing list of malicious code designed to hack internet users. In the UK alone, IT Governance discovered 95 new security threats in January, resulting in 65,984,648 compromised records. 


Another recent strategy used by cybercriminals, discovered last month by the FBI, was the use of USB memory sticks purporting to be from the US Department of Health and Human Services. 

The USB sticks are infected with malware called ‘BadUSB’ which is configured to register as a keyboard device after being plugged in. From there, hackers can execute a series of commands to install malware. 

According to the FBI, BadUSB attacks mostly targeted firms in the transport and insurance sectors. The nasty devices were shipped on LILYGO-branded devices. Hackers could turn their attention to other profitable sectors in 2022. 

Defense Against Cybersecurity Attacks 

Governments have called for businesses of all sizes to reinforce their cybersecurity measures and train their staff about the threat of malicious malware. The majority of data breaches are due to human error; most are employees opening email attachments. Or as we are now seeing attachments planted in Team chats. 

Statistics reveal that 47% of small businesses do not know how to effectively protect themselves against cyber attacks. Worse still, 45% of small businesses have not taken any measures to protect themselves from hackers. 

The cost involved in cybersecurity tends to be the stumbling block for most small businesses and start-ups. But creating lines of defense doesn’t have to be expensive. 

Micro Pro, a leading IT-managed support firm in London says that some small businesses should be okay with cloud storage and reputable antivirus software. However, the most important aspect of cybersecurity is to train your staff members. 

When designing your cybersecurity strategy, consider using cloud tools that have built-in firewalls, encryption, and other IT security defense. Built-in security tools are included as part of the software package which means you don’t have to invest in additional tools alongside your productivity suite. 

With the growing threat of malicious actors, it’s also worth keeping your eye on the latest discoveries within the cybercrime sector. Hackers always have to develop new strategies to infiltrate business networks, so the modus operandi is constantly evolving.