Hackers use hijacked Microsoft Teams accounts to deliver ModeloRAT malware


Hackers are abusing Microsoft Teams accounts to impersonate IT support staff and push ModeloRAT malware into corporate environments.

The campaign uses a familiar workplace trust trick. Attackers contact employees through Teams, pose as helpdesk staff, and ask them to run a PowerShell command that appears to fix a device or account problem.

Once the victim runs the command, it writes a ZIP archive under the user's AppData folder, unpacks a portable Python environment from it, and launches ModeloRAT through pythonw.exe. Because pythonw.exe runs Python scripts without opening a console window, the malware starts quietly and the user sees nothing unusual.

What makes the Teams attack dangerous

The attack moves the lure into a tool employees already use every day. A message from someone who appears to be IT support can feel more credible than a random email or browser pop-up.

The campaign has links to KongTuke, a threat cluster previously tied to CrashFix-style social engineering. Earlier activity used browser disruption, fake warnings, and Dropbox-hosted payloads to deliver ModeloRAT.

The newer approach keeps parts of that infection logic, but changes the delivery method. Instead of relying only on browser tricks, attackers can now reach victims through Teams chats using fake or compromised accounts.

At a glance

Item | Details
Malware | ModeloRAT
Delivery method | Hijacked or fake Microsoft Teams accounts posing as IT support
Initial action | Victim runs an obfuscated PowerShell command
Execution path | ZIP archive extracted under AppData with a portable Python environment
Notable process | pythonw.exe running from a user-writable folder
Main risk | Remote access, reconnaissance, persistence, and command-and-control activity

How ModeloRAT runs on infected systems

The PowerShell command writes and extracts a ZIP archive under the user profile. The archive contains a portable Python setup, commonly associated with a directory named WPy64-31401. That name follows the WinPython portable distribution's directory convention, so hunts should match the WPy64- prefix rather than only this exact string, since a rebuilt payload could ship a different Python version.

This portable Python environment helps the malware run without depending on Python already being installed on the device. It also makes the activity look more like a bundled software component than a traditional executable payload.

The malware then uses pythonw.exe to execute malicious Python components in the background. Since pythonw.exe does not open a visible console window, the victim may not notice anything unusual after running the command.

ModeloRAT splits the attack into separate stages

The observed infection flow separates reconnaissance from command-and-control activity. One component collects information about the host, while another maintains communication with attacker infrastructure.

This structure gives attackers a cleaner way to gather system details before deciding what to do next. It can also make detection harder because defenders may see several smaller suspicious behaviors instead of one obvious payload.

Earlier research on CrashFix and ModeloRAT showed that the malware targets enterprise environments, especially domain-joined systems. That pattern makes the Teams delivery method more concerning for corporate networks.

Persistence makes cleanup harder

ModeloRAT does not rely only on the first PowerShell command to stay active. Reports describe persistence through a Windows Run registry key and scheduled task creation.

In the newer Teams-based activity, defenders reported scheduled task persistence using randomly generated names. This can make malicious entries harder to separate from legitimate maintenance tasks during a quick review.

Security teams should not treat removal of one persistence mechanism as a full cleanup. A system may still reinfect itself if another startup method remains active.

Indicators defenders should review

Type | Indicator | Why it matters
IP address | 45[.]61[.]136[.]94 | Reported ModeloRAT command-and-control infrastructure
IP address | 64[.]95[.]10[.]14 | Reported ModeloRAT command-and-control infrastructure
IP address | 64[.]95[.]12[.]238 | Reported ModeloRAT command-and-control infrastructure
IP address | 64[.]95[.]13[.]76 | Reported ModeloRAT command-and-control infrastructure
IP address | 162[.]33[.]179[.]149 | Reported ModeloRAT command-and-control infrastructure
File path | %APPDATA%\WPy64-31401 | Portable Python execution directory used in the attack chain
Process | pythonw.exe | Used to run malicious Python payloads without a visible console window

How organizations can reduce the risk

The fastest defensive step is to review Microsoft Teams external access settings. Organizations that do not need broad external chat should restrict who can contact employees from outside the tenant.

Microsoft allows administrators to manage external access in Teams, including allowing only specific external domains or blocking external communication paths. These controls can reduce the chance that unknown tenants reach employees directly.
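As an added example, not code from the article or from Microsoft's documentation, the same restriction applied with the MicrosoftTeams PowerShell module instead of the admin center. The domain names are placeholders, the cmdlets and parameters are the standard tenant federation settings, and the final trial-tenant switch is assumed to be available in your module version.

```powershell
# Added example (not from the article): restrict Teams external access to an explicit
# domain allow-list with the MicrosoftTeams PowerShell module. 'partner.example' and
# 'msp.example' are placeholder domains (assumption); replace them with the tenants
# your staff genuinely need to chat with. Requires a Teams administrator account.
Connect-MicrosoftTeams

# Record the current tenant federation settings so the change can be reviewed or reverted.
$before = Get-CsTenantFederationConfiguration
$before | Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowTeamsConsumerInbound,
                        AllowedDomains, BlockedDomains | Format-List

# Build an explicit allow-list. Setting AllowedDomains to an allow-list blocks every other
# external tenant; the default (AllowAllKnownDomains) lets any Microsoft 365 tenant reach users.
$trustedDomains = @('partner.example', 'msp.example')
$patterns  = foreach ($d in $trustedDomains) { New-CsEdgeDomainPattern -Domain $d }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

# Apply the allow-list and close the personal (consumer) Teams paths in both directions.
Set-CsTenantFederationConfiguration -AllowedDomains $allowList `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false

# Assumption: recent module versions also expose a switch that refuses chats from trial
# tenants, a common source of throwaway attacker accounts. Skip this line if yours rejects it.
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants 'Blocked'

# Verify: AllowedDomains should now list only the trusted domains and both consumer paths
# should be off. Compare against $before if anything looks wrong.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowedDomains
```

Settings can take a while to propagate to clients, so verify with a test account in an unlisted tenant rather than assuming the change is live. Organizations that cannot move to an allow-list should at least turn off the consumer paths and keep a block-list of tenants seen in phishing attempts.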

Security teams should also train employees to treat unsolicited Teams support messages with caution. IT support requests that ask users to run PowerShell commands should trigger immediate verification through a trusted internal channel.

  • Restrict Teams external access to trusted domains where possible.
  • Block or alert on unexpected Dropbox downloads from corporate devices.
  • Monitor ZIP archive creation and extraction under AppData.
  • Alert on pythonw.exe running from AppData or other user-writable folders.
  • Review new Run registry keys and scheduled tasks.
  • Teach employees to verify IT support requests before running commands.

Why Microsoft Teams is an attractive delivery channel

Teams sits inside daily business workflows, so attackers can exploit the trust employees place in internal chat. A convincing message from a supposed IT technician can bypass the skepticism that users may apply to email attachments.

This does not mean Teams itself installs the malware. The key step still depends on social engineering. The attacker must convince the user to run a command manually.

That distinction matters for defenders. Strong endpoint controls help, but reducing risky chat exposure and improving helpdesk verification processes can disrupt the attack before malware execution begins.

What defenders should hunt for now

Security teams should look for a chain of suspicious events rather than a single indicator. A Teams message followed by PowerShell, ZIP extraction in AppData, portable Python execution, and new persistence entries should receive urgent attention.

Teams audit logs, endpoint telemetry, DNS logs, proxy logs, and EDR process trees can help connect these events. Analysts should also review recent user reports about unexpected IT support chats or requests to run diagnostic commands.
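The following PowerShell hunt script is an added example written for this page, not code from the article or from the researchers it cites. It checks a single host for the chain described in the sections on how ModeloRAT runs, on persistence, and in the checklist above: a WPy64- portable Python directory under any user's AppData, python.exe or pythonw.exe executing from a user-writable path together with its parent process, Run/RunOnce values and scheduled tasks that point at such a payload or carry random-looking names, live connections to the listed C2 addresses, and recent PowerShell script-block log entries that mention the payload pieces. The C2 addresses and the WPy64-31401 path come from the indicator table; the user-writable path list, the random-name heuristic for task names and the seven-day log window are assumptions.

```powershell
# Added example (not from the article): single-host hunt for the ModeloRAT chain.
# IPs and the WPy64 path come from the article; the path list, the random-name
# heuristic and the 7-day window are assumptions. Run from an elevated session.
$C2Ips = @('45.61.136.94', '64.95.10.14', '64.95.12.238', '64.95.13.76', '162.33.179.149')
$SuspiciousPathRegex = '\\Users\\[^\\]+\\AppData\\|\\Users\\Public\\|\\ProgramData\\|\\Temp\\'
$PayloadRegex = 'pythonw?\.exe|WPy64-|Expand-Archive|FromBase64String'

function Test-RandomLookingName {
    # Heuristic (assumption): GUID-like, hex-only, or a long letter+digit mix with no separators.
    param([string]$Name)
    if ($Name -match '^\{?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}?$') { return $true }
    if ($Name -match '^[0-9a-fA-F]{10,}$') { return $true }
    return ($Name -match '^[A-Za-z0-9]{8,}$' -and $Name -match '\d' -and $Name -match '[A-Za-z]')
}

function Invoke-ModeloRatHunt {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Category, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Category = $Category; Detail = $Detail })
    }

    # 1. Portable Python dropped under any user's AppData (WPy64- prefix, not only the reported name).
    Get-ChildItem -Path 'C:\Users\*\AppData\Roaming', 'C:\Users\*\AppData\Local' `
        -Directory -Filter 'WPy64-*' -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'PortablePythonDir' $_.FullName }

    # 2. python/pythonw running from a user-writable location, with its parent for the process tree.
    $procs = Get-CimInstance Win32_Process -ErrorAction SilentlyContinue
    foreach ($p in ($procs | Where-Object { $_.Name -match '^pythonw?\.exe$' })) {
        if ($p.ExecutablePath -match $SuspiciousPathRegex) {
            $parent = $procs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } | Select-Object -First 1
            Add-Finding 'PythonFromUserWritable' ("PID {0} parent={1} exe={2} cmd={3}" -f `
                $p.ProcessId, $parent.Name, $p.ExecutablePath, $p.CommandLine)
        }
    }

    # 3. Run/RunOnce values (machine-wide and every loaded user hive) pointing at the payload.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in (Get-Item -Path $runKeys -ErrorAction SilentlyContinue)) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($value -match $PayloadRegex -or $value -match $SuspiciousPathRegex) {
                Add-Finding 'RunKey' ("{0} [{1}] = {2}" -f $key.Name, $name, $value)
            }
        }
    }

    # 4. Scheduled tasks outside \Microsoft\ with random-looking names or a payload-like action.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.TaskPath -notlike '\Microsoft\*' })) {
        $action = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $why = @()
        if (Test-RandomLookingName $task.TaskName) { $why += 'random-looking name' }
        if ($action -match $PayloadRegex -or $action -match $SuspiciousPathRegex) { $why += 'payload-like action' }
        if ($why.Count -gt 0) {
            Add-Finding 'ScheduledTask' ("{0}{1} ({2}) -> {3}" -f $task.TaskPath, $task.TaskName, ($why -join ', '), $action)
        }
    }

    # 5. Live TCP connections to the reported C2 addresses.
    foreach ($c in (Get-NetTCPConnection -ErrorAction SilentlyContinue | Where-Object { $C2Ips -contains $_.RemoteAddress })) {
        Add-Finding 'C2Connection' ("{0}:{1} -> {2}:{3} owning PID {4}" -f `
            $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort, $c.OwningProcess)
    }

    # 6. Script-block logging (event 4104) from the last 7 days that mentions the payload pieces.
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = (Get-Date).AddDays(-7) }
    foreach ($evt in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | Where-Object { $_.Message -match $PayloadRegex })) {
        $snippet = ($evt.Message -replace '\s+', ' ')
        if ($snippet.Length -gt 160) { $snippet = $snippet.Substring(0, 160) + '...' }
        Add-Finding 'PowerShellScriptBlock' ("{0} {1}" -f $evt.TimeCreated, $snippet)
    }

    return $findings
}

$results = @(Invoke-ModeloRatHunt)
if ($results.Count -eq 0) { 'No ModeloRAT indicators found on this host.' }
else { $results | Format-Table -AutoSize -Wrap }
```

Run it elevated so other users' profiles, the HKEY_USERS hives and the Operational log are readable; the sixth check only returns results where script block logging is enabled. Treat the output as triage leads to follow up in the EDR process tree and Teams audit logs, not as a verdict, and remember from the persistence section that finding one startup entry does not mean the others are gone.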

ModeloRAT shows how attackers continue to adapt social engineering for workplace tools. Organizations that treat chat security, identity controls, and endpoint monitoring as one connected problem will have a better chance of stopping this campaign early.

FAQ

What is ModeloRAT?

ModeloRAT is a Python-based remote access trojan linked to KongTuke activity. It can support reconnaissance, command-and-control activity, and persistent access on infected systems.

How are hackers using Microsoft Teams in this campaign?

Attackers use fake or hijacked Teams accounts to impersonate IT support staff. They then try to convince employees to run an obfuscated PowerShell command.

Does the attack require the victim to run a command?

Yes. The campaign relies on social engineering. The victim must run the attacker-provided PowerShell command for the infection chain to start.

What should organizations monitor for?

Organizations should monitor PowerShell activity, ZIP extraction under AppData, pythonw.exe execution from user-writable paths, new Run registry keys, and suspicious scheduled tasks.

How can admins reduce Microsoft Teams abuse?

Admins can restrict Teams external access, allow only trusted domains, block unmanaged external contact where possible, and require employees to verify unusual support requests through trusted internal channels.
