Beware of Bogus Microsoft Teams 'Update'

John Lister's picture

If you use Microsoft Teams, watch out for bogus advertisements offering an "update". It's a scam designed to install malware that tries to steal personal data.

The group chat and video conferencing tool has understandably become more popular this year with the increase in remote desktop connections to workplaces. That's attracted the attention of scammers who have put together a creative strategy to steal data.

It's important to note that the attack doesn't aim to exploit any vulnerability in Teams itself. Instead, it's simply aimed at people using it, particularly those who have only started in recent months.

Search Ads Start Scam

The scammers started with a series of bogus ads on search engines which appear when people search for terms related to Teams. That's an effective way of targeting people who may be less familiar with the software and could be looking for solutions to technical problems with it.

The ads take potential victims to a page which claims to install an update for Teams. Clicking on the "update" actually installs a bunch of malware, though it does also install a legitimate copy of Teams. That's designed to reduce the chances that the user quickly gets suspicious. (Source:

The attack uses a series of malware techniques in sequence, starting with an "infostealer" that scans the computer in order to try and retrieve any website login details or payment card information.

Ransomware Is Final Blow

Next, the malware explores ways to spread to any other computers connected to the infected machine via a network. Once it's on as many machines as possible, the malware encrypts files as part of a ransomware attack with the victim told to pay a fee to regain access to their files. This fee can range anywhere from $1,000 to $1,000,000 or more depending on the number of machines on a network and their location. In one case, ransomware infected a hospital in California, and cyber criminals demanded $3.6 million to release data.

Microsoft has issued several tips to avoid these attacks. These include using web browsers which block malicious sites; configuring networks to limit the number of users with administrator privileges; and making sure those users have strong network passwords. (Source:

The more imminent defense, however, is to only ever update software through built-in tools or from the manufacturer's own website.

What's Your Opinion?

Can you understand people being fooled by this scam or does it seem too obvious to avoid? Should search engines act quicker to remove bogus ads? Has remote working changed any of your security practices or made it harder to avoid scams?

Rate this article: 
Average: 5 (6 votes)


Draq's picture

This used to happen with Flash too. People would get prompted to install or update Flash, and probably got malware instead. Unfortunately there are a lot of ignorant and gullible people out there, so it's really no different than being scammed by those pop-ups that seem to freeze your browser and tell you to call a number.