Microsoft revokes 200 certs used to sign malicious Teams installers

By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on malicious domains mimicking Microsoft Teams, for example, teams-download[.]buzz, teams-install[.]run, or teams-download[.]top. Users are likely directed to malicious download sites using SEO poisoning,” the company’s threat intelligence team shared. The campaign In this latest campaign, spotted by … More →

The post Microsoft revokes 200 certs used to sign malicious Teams installers appeared first on Help Net Security.