From bleepingcomputer.com
Attackers can use genuine binaries from Microsoft Teams to execute a malicious payload using a mock installation folder for the collaboration software.
The problem affects most Windows desktop apps that use the Squirrel installation and update framework, which uses NuGet packages.
A list of impacted products, as tested by the security researcher that made the discovery, includes WhatsApp, Grammarly, GitHub, Slack, and Discord.