Threat actors could leverage Microsoft Teams GIFs to facilitate phishing attacks
, data exfiltration, and command execution through the novel "GIFShell" attack technique, reports BleepingComputer
Numerous security vulnerabilities within Microsoft Teams have been chained to create the attack, which was discovered by cybersecurity consultant Bobby Rauch. GIFShell, the attack's primary component, enables the creation of a reverse shell that facilitates malicious command delivery through base64-encoded GIFs in MS Teams. Rauch noted that a malicious stager executable could then allow attackers to establish their dedicated MS Teams tenant, before commencing the attack using the GIFShell Python script.
Despite the newly-discovered attack, Microsoft said that it will not issue any fixes immediately.
"Weve assessed the techniques reported by this researcher and have determined that the two mentioned do not meet the bar for an urgent security fix. Were constantly looking at new ways to better resist phishing to help ensure customer security and may take action in a future release to help mitigate this technique," said Microsoft.