THREATNOIR
Subscribe
Back to Feed
MalwareMar 25, 2026

That sample was seen (still available) from: https://official-teams-storage[.]com/files_dws_arch/...

Malicious MSI installer impersonating Microsoft Teams detected on spoofed domain.

Read at source

Summary

A malware sample disguised as Microsoft Teams (MTSetup_v15.3.7191.msi) was discovered hosted on a spoofed domain (official-teams-storage[.]com) mimicking legitimate Microsoft infrastructure. The file remains available and represents a supply-chain-style attack leveraging brand impersonation to distribute malware to unsuspecting users.

Indicators of Compromise

  • domain ā€” official-teams-storage.com
  • url ā€” https://official-teams-storage.com/files_dws_arch/MTSetup_v15.3.7191.msi
  • malware ā€” MTSetup_v15.3.7191.msi