Monday, September 12, 2022

Scammers Leveraging Microsoft Teams GIFs in Phishing Attacks

 

Cybersecurity consultant Bobby Rauch has discovered a new attack tactic in which threat actors exploit Microsoft Teams vulnerabilities. According to Rauch, attackers can easily leverage Microsoft Teams GIFs through these vulnerabilities to launch phishing, command execution, and data exfiltration schemes.

What is GIFShell?

Rauch has named the newly discovered attack technique involving MS Teams GIFs GIFShell. The technique allows attackers to create a reverse shell that delivers malicious commands via base64-encoded GIFs in MS Teams.

Using a malicious stager executable, the attackers can set up their own dedicated MS Teams tenant and start the attack using the GIFShell Python script.

GIFShell installs malware on the device and can sneakily extract data under the guise of harmless GIF images. Rauch noted that the attack entails the exploitation of multiple vulnerabilities in MS Teams to create a chain of command executions.

Furthermore, attackers only need to infiltrate MS Teams and any of the GIFs. Utilizing Microsoft’s web infrastructure, they can unpack commands and install them directly on computers.

Microsoft’s Response

In a blog post, Rauch stated that he notified Microsoft in May 2022. However, Microsoft claims that immediately releasing fixes for the attack is impossible. Moreover, the tech giant stated that the attack techniques “reported” by Rauch don’t meet the requisites for developing an urgent security fix.

Therefore, the best line of defense for you is not to open any GIFs shared by someone on MS Teams.

 

 
