Malware disguised as updates targets Microsoft Teams users

Criminals are currently using ads that offer fake Microsoft Teams updates to get users to download malware.

The ads direct users to a malicious website that ostensibly provides the necessary software updates. Clicking the link actually launches a PowerShell script that creates a backdoor on the user's computer. This allows criminals to send ransomware to the computer and steal data. Further attack software, such as Cobalt Strike, could also be installed through the backdoor; criminals use it to try to move through the network and infect more machines. It is also noteworthy that by purchasing advertisements, criminals manipulate the top search engine results to increase the likelihood that an unsuspecting user will download the fake updates.

CERT-EE recommends that general measures be taken to avoid falling victim to such schemes:

  1. download updates only from official sources and do not trust information received while surfing the web;
  2. use the latest versions of web browsers that can detect and block malicious pages;
  3. use different passwords of sufficient complexity in different communication environments.

Kertu Kärk
Head of the Communication Department
5850 9665
