Threat actors could leverage Microsoft Teams GIFs to facilitate phishing attacks, data exfiltration, and command execution through the novel "GIFShell" attack technique, reports BleepingComputer.
Numerous security vulnerabilities within Microsoft Teams have been chained to create the attack, which was discovered by cybersecurity consultant Bobby Rauch. GIFShell, the attack's primary component, enables the creation of a reverse shell that facilitates malicious command delivery through base64-encoded GIFs in MS Teams. Rauch noted that a malicious stager executable could then allow attackers to establish their dedicated MS Teams tenant, before commencing the attack using the GIFShell Python script.
Despite the newly discovered attack, Microsoft said that it will not issue any fixes immediately.
"We've assessed the techniques reported by this researcher and have determined that the two mentioned do not meet the bar for an urgent security fix. We're constantly looking at new ways to better resist phishing to help ensure customer security and may take action in a future release to help mitigate this technique," said Microsoft.
Attackers have been leveraging the new "file archive in the browser" phishing technique that enables the creation of realistic phishing pages masquerading as legitimate file archive software, with hosting on a .ZIP domain further establishing the legitimacy of the scheme, reports The Hacker News.
BleepingComputer reports that recent phishing attacks by the QBot malware operation, also known as Qakbot, have involved the exploitation of a DLL hijacking flaw in the Windows 10 WordPad executable "write.exe."
Microsoft credentials targeted new phishing attacks with RPMSG files
New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message, or RPMSG, files are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.