Threat Awareness – Microsoft Teams GIFs can be exploited for GIFShell Attacks

Threat Actors could exploit GIFs in Microsoft Teams to conduct phishing attacks, exfiltrate data, bypass security controls, and perform command execution via a novel attack technique dubbed “GIFShell.” The new attack technique chains together multiple security vulnerabilities in Microsoft Teams to compromise potential victims. The primary component of this attack, dubbed “GIFShell,” “allows an attacker to create a reverse shell that delivers malicious commands via base64 encoded GIFs in Teams, and exfiltrates the output through GIFs retrieved by Microsoft’s own infrastructure,” according to BleepingComputer. To conduct this attack, however, a user must first be fooled into clicking and downloading a malicious executable. The GIF component comes into play as a phishing lure. Microsoft Teams allows attackers to send malicious files to Teams users and spoof them to appear as harmless images. Teams does not allow a user to pre-screen whether the linked attachment is malicious or not.

Despite the recently discovered attack technique, Microsoft does not plan to issue any immediate patches. Microsoft stated “We’ve assessed the techniques reported by this researcher and have determined that the two mentioned do not meet the bar for an urgent security fix. We’re constantly looking at new ways to better resist phishing to help ensure customer security and may take action in a future release to help mitigate this technique.” Read more at BleepingComputer.