132/69 Friday, March 6, 2026

Security researchers from Microsoft’s Defender team have identified a new phishing campaign observed since February 2026 that targets office workers through fake meeting invitations impersonating Zoom and Microsoft Teams. Victims are often lured into opening a blurred PDF attachment designed to prompt curiosity. When users click the embedded link, they are redirected to a fraudulent download site that mimics an official webpage and claims their meeting software is outdated, urging them to install an update before joining the meeting. This social engineering tactic increases credibility while pressuring victims to act quickly.
A major risk in this campaign stems from attackers using a compromised Extended Validation (EV) digital certificate associated with TrustConnect Software PTY LTD to sign malicious files. The valid-looking digital signature allows the malware to appear trustworthy and helps bypass common security protections. Downloaded files such as msteams.exe or adobereader.exe act as initial installers, executing encoded PowerShell commands that deploy remote monitoring and management (RMM) tools including ScreenConnect and MeshAgent. This enables attackers to establish persistence within the system and maintain ongoing access to the victim’s network.
Once attackers gain a foothold, they begin moving laterally within the network to steal credentials or prepare the environment for ransomware deployment in later stages of the attack. Security experts emphasize that a valid digital signature alone is no longer a reliable indicator of safety, especially in cases where signing keys have been stolen. Organizations are encouraged to adopt behavior-based detection strategies alongside Zero Trust security models. For individual users, experts recommend avoiding software updates through links embedded in emails and instead downloading updates only from official app stores or the developer’s official website.
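As an added illustration of the behavior-based detection recommended above (not code from Microsoft or the source article), the following Python sketch flags the chain the report describes: an installer run from a user-writable folder spawns encoded PowerShell and an RMM agent then starts on the same host. The event field names, sample paths, and the 10-minute correlation window are assumptions, and the events are constructed.

```python
import base64
import re
from datetime import datetime, timedelta

# Constructed sample: a harmless command, UTF-16LE + base64 as -EncodedCommand expects.
B64 = base64.b64encode("Write-Output 1".encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
LURE = r"C:\Users\amy\Downloads\msteams.exe"

# Constructed process-creation events; field names and paths are assumptions.
EVENTS = [
    {"ts": "2026-03-02T09:14:05", "host": "ws-17", "image": LURE,
     "parent": r"C:\Windows\explorer.exe", "cmd": "msteams.exe", "sig_valid": True},
    {"ts": "2026-03-02T09:14:09", "host": "ws-17", "image": PS,
     "parent": LURE, "cmd": f"powershell.exe -NoP -W Hidden -enc {B64}", "sig_valid": True},
    {"ts": "2026-03-02T09:15:30", "host": "ws-17", "image": r"C:\Program Files\Mesh Agent\MeshAgent.exe",
     "parent": r"C:\Windows\System32\services.exe", "cmd": "MeshAgent.exe", "sig_valid": True},
    {"ts": "2026-03-02T10:00:00", "host": "ws-22", "image": PS,
     "parent": r"C:\Program Files\Mgmt\agent.exe", "cmd": r"powershell.exe -File C:\Scripts\inv.ps1", "sig_valid": True},
]

USER_WRITABLE = re.compile(r"\\(downloads|temp)\\", re.I)  # assumed drop locations
RMM_NAMES = ("screenconnect", "meshagent")                 # tools named in the article
SWITCH = re.compile(r"(?:^|\s)[-/](\w+)\s+[A-Za-z0-9+/=]{16,}")

def has_encoded_command(cmd):
    """True if a switch is an accepted short form of -EncodedCommand (-e, -enc, -ec, ...)."""
    return any(s.lower() == "ec" or "encodedcommand".startswith(s.lower())
               for s in SWITCH.findall(cmd))

def detect(events, window=timedelta(minutes=10)):
    """Flag encoded PowerShell whose parent runs from a user-writable path; raise severity
    when an RMM agent starts on the same host within `window`. sig_valid is never consulted."""
    findings = []
    for e in events:
        if not (e["image"].lower().endswith("powershell.exe")
                and has_encoded_command(e["cmd"]) and USER_WRITABLE.search(e["parent"])):
            continue
        t0 = datetime.fromisoformat(e["ts"])
        rmm = [r["image"] for r in events
               if r["host"] == e["host"] and any(n in r["image"].lower() for n in RMM_NAMES)
               and timedelta(0) <= datetime.fromisoformat(r["ts"]) - t0 <= window]
        findings.append({"host": e["host"], "parent": e["parent"],
                         "severity": "high" if rmm else "medium", "rmm": rmm})
    return findings

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Every constructed event carries a valid signature, yet the ws-17 chain is still flagged, which is the point of keying on behavior rather than on signing status. Environments that deploy ScreenConnect or MeshAgent legitimately would need an allowlist for their own installers.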
Source: https://hackread.com/fake-zoom-teams-invites-malware-certificates/
