Language switcher

You are here

Malware disguised as updates targets Microsoft Teams users

Criminals are currently using fake updates to encourage users to download malware through ads that offer updates to Microsoft Teams.

The ads direct users to a malicious website that ostensibly provides the necessary software updates, but actually launches a PowerShell script when clicking on the link and creates a backdoor on your computer. This allows criminals to send ransomware to your computer and steal data. Software could also be installed through the backdoor for further attacks, such as Cobalt Strike, through which criminals try to move online and infect more machines. It is also noteworthy that through the purchase of advertisements, criminals manipulate the top matches of search engines to increase the likelihood that an unsuspecting user will download fake updates.

CERT-EE recommends that general measures be taken to avoid falling victim to such schemes:

  1. download updates only from official environments and do not believe the information received while surfing the web;
  2. use the latest versions of web browsers that can detect and block malicious pages;
  3. use different passwords of sufficient complexity in different communication environments.

Kertu Kärk
Head of the Communication Department
5850 9665
kertu.kark [at]

More news on the same subject


The new yearbook of the Information System Authority (RIA) on cyber security summarises the most influential incidents in cyber space

28.04.2021 – In its most recent yearbook on cyber security, the Information System Authority (RIA) talks about the record number of phishing reports, denial-of-service attacks, and Emotet malware and cyber attacks against Estonian ministries that took place last year. In addition to incidents, you can read about the effect that COVID-19 had on Estonian cyber space, RIA’s larger role in elections, and the new information security standards of Estonia, as well as the most important developments in international cyber cooperation. The yearbook is available on the website of RIA (PDF).