Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors

• Microsoft warns of phishing campaigns with fake conferencing tools
• Malware disguised using valid digital certificates
• Broad enterprise targeting with persistent backdoor risk

Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers.

In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational notifications.

Through these files, the attackers try to trick the recipients into downloading fake video conferencing tools. Files with names such as msteams.exe, trustconnectagent.exe, and zoomworkspace.clientsetup.exe, are being distributed and, to make matters worse, are digitally signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD.