Malware hides in Microsoft Teams traffic

Attackers used a custom Go-based backdoor called Backdoor.Turn to disguise command-and-control traffic as legitimate Microsoft Teams activity. The malware requested anonymous visitor tokens from Microsoft services and used TURN relay servers before establishing a direct QUIC connection to a malicious server. Symantec called this the first known case of this technique.