• Business

    Look out – these fake Microsoft Teams installers are just spreading dangerous malware

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    Look out - these fake Microsoft Teams installers are just spreading dangerous malware

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    Be careful where you click in Google search results – it could be damaging malware

    Hackers are distributing a fake PDF Editor loaded with TamperedChef credential stealing malware

    Small business security warning – new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard

    Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Criminals are using a dangerous fake free VPN to spread malware via GitHub – here’s how to stay safe

    Microsoft Teams will now judge if that mysterious link you received is malicious or just another meeting invite

    Good news for careless clickers – Microsoft Teams is upping its protection against dangerous scams

    Are you an Apple Mac user? Cybercriminals are using this popular website to target you with malware and infostealers – here’s what you need to stay safe

    Microsoft Teams and Zoom can be hijacked to give hackers the keys to your kingdom

    Chinese malware is flooding GitHub pages – HiddenGh0st, Winos and kkRAT hit devs via SEO poisoning

    Microsoft warns dangerous PipeMagic backdoor is being disguised as ChatGPT desktop app – here’s what we know

    Fake TikTok shops found spreading malware to unsuspecting victims – here’s how to stay safe

    Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

    A popular fake Telegram Premium site has been flooding the web with malware – here’s how to stay safe

    YOUR NEXT READ:

    Are you an Apple Mac user? Cybercriminals are using this popular website to target you with malware and infostealers – here’s what you need to stay safe

    Malicious URLs and phishing scams remain a constant threat for businesses – here’s what can be done

    It seems even DNS records can be infected with malware now – here’s why that’s a major worry

    Look out – these fake Microsoft Teams installers are just spreading dangerous malware

    Sead Fadilpašić

    29 September 2025

    Be careful when searching for Microsoft Teams

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: Shutterstock / monticello)

    Fake Teams site delivers Oyster malware via SEO poisoning and deceptive ads
    Spoofed page mimics Microsoft’s design, tricking users into downloading malware
    Best defense: type known URLs directly, avoid relying solely on search results

    If you’re looking to install the Microsoft Teams platform, be very careful how you navigate to the downloads page, as experts have warned of a new malicious campaign tricking people into downloading malware instead.

    Security researchers from Blackpoint SOC recently discovered a fraudulent Microsoft Teams downloads page hosted at teams-install[.]top. It looks almost identical to the legitimate Microsoft site, with the color, design, and fonts, all resembling the actual site.
    However, instead of downloading the popular communications platform, victims are served the Oyster backdoor, a known piece of malware that grants the attackers full access to the compromised endpoint.

    You may like

    Be careful where you click in Google search results – it could be damaging malware

    Hackers are distributing a fake PDF Editor loaded with TamperedChef credential stealing malware

    Small business security warning – new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard

    SEO poisoning and malvertising
    The site is optimized for search engines, a practice known as “SEO poisoning”. People searching for “teams download” (and probably a few other keywords) will find the spoofed site at the top of their search results, right next to the legitimate one.

    If a user is not careful, it is quite easy to end up on the wrong site and download malware instead of the actual program.
    To make things worse, the attackers also managed to set up a few ads on the internet, which also seem to appear at the top of the search engine results page.
    SEO poisoning and malvertising campaigns like this one work well because searching for known sites and programs, instead of typing the address in the browser’s address bar is a rather common behavior.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    Many users treat Google as their “front door” to the internet. For example, in 2024, YouTube was the most searched term on Google worldwide, closely followed by WhatsApp Web.
    In the United States, Amazon led the search trends after YouTube. All these platforms are globally recognized and can all be accessed by typing their .com domain in the browser.
    This is also the best way to defend against SEO poisoning and malvertising – don’t blindly trust search engine results, and navigate to as many sites as you can – directly through your browser.
    Via BleepingComputer
    You might also like

    Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    Be careful where you click in Google search results – it could be damaging malware

    Hackers are distributing a fake PDF Editor loaded with TamperedChef credential stealing malware

    Small business security warning – new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard

    Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    Criminals are using a dangerous fake free VPN to spread malware via GitHub – here’s how to stay safe

    Latest in Security

    Volvo says staff data was stolen following recent ransomware attack on IT supplier

    Harrods cyberattack – over 430,000 customers have data stolen, here’s how to stay safe

    Qualcomm Guardian is its rival to Intel’s popular vPro platform management system – it can even work without Wi-Fi, but I’m not sure whether it’s such a good thing

    Watch out – hackers are using AI to make phishing emails even more convincing

    Nearly 150,000 patient records exposed in major healthcare data breach – here’s what we know

    This devious malware has jumped from Meta over to Google Ads and YouTube to spread – here’s how to stay safe

    Latest in News

    A new PS5 Pro model could be on the horizon, but it’s not going to be much different

    The M5 MacBook Pro just edged closer to launch, but the latest M6 rumors suggest you might want to wait

    Now AI is everywhere in businesses, is anyone actually using it?

    Peacemaker season 3 might not happen, James Gunn says, and DC comic book fans are convinced they know why

    The world’s first water-cooled handheld gaming PC is upon us – and it’s already poised to dethrone the GPD Win 5

    Resident Evil Requiem is only coming to the Switch 2 because of how well Village runs – ‘it looked really great’ says developer

    LATEST ARTICLES

    What is the release date for Gen V season 2 episode 5 on Prime Video?

    Small but perfectly formed, the De’Longhi Dedica Duo is my new favorite entry-level espresso machine

    The iPhone 17e might not be worth waiting for – here’s why

    This super-cheap Garmin Forerunner 55 is a great budget buy for runners

    Volvo says staff data was stolen following recent ransomware attack on IT supplier

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like