The Register reports:
A previously unknown threat group using tried-and-tested social engineering tactics – Microsoft Teams chat invitations and helpdesk staff impersonation – is also using custom malware in its data-stealing attacks, according to Google’s Threat Intelligence Group.
The threat hunters say they spotted a “large email campaign” in late December 2025. The attack started by spamming target organizations with an overwhelming amount of email traffic. Then someone posing as helpdesk personnel would reach out via Microsoft Teams to offer help with the email volume.
The fake helpdesk worker prompts the user to click a link that supposedly installs a local patch that prevents email spamming. This directs victims to a landing page masquerading as a “Mailbox Repair Utility” complete with a “Health Check” button that, when clicked, prompts users to authenticate using their email and password, allowing the attackers to nab them.
Read more at The Register.
