There's a devious hacking scheme that involves a hijacked Microsoft Teams account, a fake IT helpdesk, and a covert infection tool
IT's a pretty bad one.
Hackers aren't known for punching above the belt, but one recent scam feels so devious it's made me even more wary of the next time IT tries to reach out to me. The scam uses a hijacked Microsoft Teams account to pose as an IT helpdesk, which then convinces users to download malicious files.
As noted by GBHackers, some versions of this scam use fresh Microsoft Teams accounts to impersonate existing users, but others use accounts gained in this scam to further scam others.
Once contact is established with a user, they are encouraged to access a bespoke chat client, which lends the hack an air of legitimacy.
From here, users are encouraged to run a command via PowerShell that then secretly unpacks a WinPython environment. This is all under the guise of it being a "diagnostic tool". ModeloRAT can then start to infect the PC without any obvious signs of what is happening.
The hack in question has two separate components to it: one searches for and retrieves data covertly, while the other establishes a connection to a different device. GBHackers notes: "Run‑key persistence is still present but is now paired with a scheduled task using a randomly generated name, increasing resiliency and making cleanup harder if only one mechanism is removed."
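Because the two persistence mechanisms back each other up, a cleanup check has to look at both in one pass. The PowerShell below is an added example, not code from GBHackers or the malware analysis; its heuristic (a Python interpreter launched from a user-writable folder) is an assumption based on the WinPython detail above, not an indicator from the report.

```powershell
# Added example: review BOTH persistence mechanisms together, so that removing
# one does not leave the other behind. Run elevated to see every task.
# Assumption: "Python interpreter in a user-writable path" is an illustrative
# heuristic, not an indicator published for ModeloRAT.
$interpreter = '\\pythonw?\.exe'
$writable    = '\\(AppData|Temp|ProgramData|Users\\Public)\\'

function Test-SuspectCommand([string]$Command) {
    # Expand %LOCALAPPDATA% and similar before matching on the path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    ($expanded -match $interpreter) -and ($expanded -match $writable)
}

$findings = @()

# 1. Run-key persistence (per-user and machine-wide).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-SuspectCommand $cmd) {
            $findings += [pscustomobject]@{
                Mechanism = 'RunKey'; Location = $key; Name = $name; Command = $cmd }
        }
    }
}

# 2. Scheduled tasks. The task name is random, so match on the action instead.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Non-exec actions have no Execute/Arguments and simply will not match.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-SuspectCommand $cmd) {
            $findings += [pscustomobject]@{
                Mechanism = 'ScheduledTask'; Location = $task.TaskPath
                Name = $task.TaskName; Command = $cmd }
        }
    }
}

# Sorting by command puts a Run key and a task that launch the same file side by side.
$findings | Sort-Object Command | Format-Table -AutoSize -Wrap
```

Legitimate per-user Python installs can also match, so treat the output as a review list rather than a verdict.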
The goal of the ModeloRAT malware is to embed itself into corporate environments so that it can do what it likes with all that harvested data. GBHackers reports it "was able to execute without detections from several major endpoint detection and response (EDR) products, and related samples showed zero antivirus hits on VirusTotal at the time of analysis."
This form of social engineering is becoming ever more popular. Just yesterday, I found out about a password-stealing Trojan virus that managed to get into users' PCs with fake job interviews.
Social engineering scams are getting even more sophisticated in the age of AI, too. A few months ago, another scheme was found, where hackers would pose as CEOs with deepfake technology and set up a bogus troubleshooting program to help with technical problems. As you might be able to guess, that troubleshooting program was a virus.
As always, the best defence against hacks and scams is verifying the identity of folks who contact you, especially if they're trying to make you download a dodgy file or click on a suspect link.


James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.

