13-Year-Old Dylan – Youngest Security Researcher Collaborates with Microsoft Security Response Center
The sudden emergence of the “TeamsPhantom” malware in early June rattled school districts and multinational corporations alike.
Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh tokens and session cookies.
Within forty-eight hours, telemetry showed probing activity on more than 24,000 endpoints, while red-team simulations confirmed the malware’s ability to pivot into SharePoint and OneDrive resources.
Despite a flurry of anomalous Graph API calls lighting up SOC dashboards, it was 13-year-old Dylan—already celebrated for multiple responsible disclosures—who correlated the traffic to a previously unseen token-replay technique.
Microsoft analysts soon noted the campaign’s distinctive abuse of conversational webhooks to impersonate tenant administrators, validating Dylan’s findings and triggering an emergency takedown window.
[Figure: The attacker’s chain from spear-phishing invite to privilege escalation.]
Impact assessments reveal selective exfiltration of proprietary documents and Teams chat histories, intensifying concerns over intellectual-property leakage.
Victims reported phantom calendar entries and rogue channels, indicators that allowed blue teams to pivot hunts toward the plug-in’s hashed manifest.
Dylan’s after-action brief warns that interface extensibility, when left unguarded, becomes a high-impact attack surface.
[Figure: The adversary’s replay loop mapped against Microsoft’s Zero-Trust pillars.]
By the week’s end, Microsoft revoked 187 compromised code-signing certificates and tightened store-side validation.
Yet copy-cat variants already probe new obfuscation layers, illustrating how quickly criminal tooling evolves.
Dylan, now the youngest contributor to MSRC’s malware-response playbooks, has begun co-authoring detection logic that flags unsolicited add-on manifests—proof that fresh eyes can upend entrenched threat-intel paradigms.
Infection Mechanism
Unlike macro-laden Office droppers, TeamsPhantom embeds its bootstrapper inside a Base64-encoded appSettings block that the Teams client parses at start-up.
The blob expands into an obfuscated PowerShell loader running in constrained-language mode, trimming AMSI visibility. Once memory-resident, the loader decrypts its C2 list by XOR-ing each byte with the tenant’s own GUID—a sly trick that defeats static indicators.
A 38-line JavaScript module then hooks the onMessageReceived handler to harvest authentication cookies in real time.
# Loader stage as described above: the tenant GUID is read from Azure AD and used as the XOR key.
$guid = (Get-AzureADTenantDetail).ObjectId
# The Base64 "bootstrap" blob is pulled from the Teams client's appSettings.json.
$appCfg = Get-Content "$Env:APPDATA\Microsoft\Teams\appSettings.json" | ConvertFrom-Json
$bytes = [Convert]::FromBase64String($appCfg.bootstrap)
# Each byte is XOR-ed against the tenant GUID bytes, so static indicators differ per tenant.
$decoded = -join ($bytes | % { $_ -bxor ($guid.ToByteArray()[$_-1]) })
# The decoded script is executed in memory without touching disk.
Invoke-Expression ([Text.Encoding]::UTF8.GetString($decoded))
Microsoft’s patch closes the manifest-validation gap, but defenders are urged to monitor tenant-wide add-on registrations and hunt for GUID-based XOR loops in script blocks.