🔐
Security 📅 2026-07-06 · 11:52 PM IST ⏱ 3 min read

Criminals Using Fake Job Offers on Microsoft Teams to Spread Dangerous Malware

Scammers pose as major companies on Teams to trick workers into downloading harmful software that steals login information.

The Attack: How It Works

Cybercriminals have launched a widespread deception campaign targeting professionals on Microsoft Teams, one of the world's most popular workplace communication platforms. The attackers are pretending to represent over 30 recognizable companies—household names like Adobe, Netflix, Coca-Cola, and OpenAI—to conduct what appear to be legitimate job interviews.

During these fake conversations, victims are directed to download files or click links that install malicious software called EtherRAT. Once installed, this program can steal sensitive information, particularly the login credentials people use to access their Google accounts. For marketing professionals, who often manage brand accounts and customer data, this represents a particularly dangerous vulnerability.

The approach is deliberately social. Rather than sending spam emails that people might immediately recognize as suspicious, the criminals engage in seemingly authentic back-and-forth conversations. They build trust over time, making the request to download something feel like a normal part of the interview process. By the time victims realize something is wrong, the damage is already done.

What This Means

This attack exposes a fundamental weakness in how we verify identity online. Think of it like someone calling your home claiming to represent your bank—they might use the right terminology and sound convincing, but that doesn't mean they actually work there. Digital conversations have the same problem: appearances can be deceiving.

The targeting of marketing professionals is strategic. These employees typically have access to multiple company accounts, sensitive campaign data, and sometimes financial systems. A criminal who steals their credentials essentially gains a key to the entire company's front door.

The fact that well-known brands are being impersonated amplifies the danger—people are more likely to trust a conversation if they believe they're talking to someone representing a company they recognize and respect.

Why You Should Care

If you work in marketing, communications, or any role involving team collaboration and online accounts, you are a potential target. The criminals aren't looking for random victims; they're hunting professionals with valuable access.

But this threat extends beyond job seekers. Anyone using Microsoft Teams for work should understand that the platform itself isn't the problem—the problem is that attackers can impersonate legitimate contacts. Your team members' accounts could be compromised, and you might receive messages that look authentic but contain malicious links.

Additionally, if your Google account is breached, attackers gain access to your email, documents, photos, and anywhere else your Google login is connected. The ripple effects can be massive.

What You Can Do

Stay skeptical of unexpected job opportunities online, and remember that no legitimate interview process requires you to download software from a Teams conversation.

📎 This is original ITVedas reporting. This story was inspired by coverage from bleepingcomputer.com. Visit the source for their original reporting.

Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.

Explore IT Chapters →