Member-only story
Beware: Malicious Ads Redirecting to Fake Microsoft Teams Page
A recent investigation into a malicious cyber campaign has revealed a disturbing trend: cybercriminals are using deceptive Bing search ads to distribute malware via fake Microsoft Teams download pages. This sophisticated attack relies on a series of interconnected malicious files and compromised websites, which makes it difficult for users to detect and protect themselves from the threat.
The Attack: A Malicious Ad Leading to a Fake Microsoft Teams Page
On January 22, 2025, cybersecurity researchers identified a malicious Bing search ad that redirected users to a counterfeit Microsoft Teams page. The fake page closely resembles the legitimate Microsoft Teams download site, tricking users into downloading malware. Once clicked, the user is redirected to a malicious server controlled by the attackers, where harmful files are silently delivered to their systems.
While the individual files involved in this attack are not inherently malicious, they work together to exploit vulnerabilities and gain control over the infected systems. The attackers use a Command and Control (C2) server located at the IP address 5.252.x[.]x to download additional malicious payloads, making it a complex and persistent threat.
