Top
Home / Cyber
Cyber, Cyber Security

GIFShell, the new attack that steals data from MS Teams

By

GIFShell: Microsoft Teams is one of the most important tools used worldwide by different companies or organizations to communicate between individuals and teams working together for a specific reason. And for many years, considering the large use of this tool, many reports show that Teams has been at the center of attention of different hackers. Suppose one hacker could gain access to one of the main entry points of communication between coworkers in a company (or other). In that case, they could manage to get a hold of a lot of sensitive information and even access the whole domain system of the victim’s entity. Unfortunately, it has been reported that a major bug is found in Microsoft Teams that could lead to data stealing by attackers through the use of a reverse shell with the help of Gifs shared on chats inside the platform.

This new attack method, named GIFShell, allows threat actors to abuse the Microsoft Teams vulnerability by inserting a reverse shell into the system through GIFs, which can go undetected. This form of attack falls under the category of phishing attacks, as it manipulates and deceives the user by sharing malicious code through GIFs and risks all sensitive data being stolen, exfiltrated, and/or manipulated.

GIFShell

The new attack chain was discovered by cybersecurity consultant and pentester Bobby Rauch, who found numerous vulnerabilities, or flaws, in Microsoft Teams that can be chained together for command execution, data exfiltration, security control bypasses, and phishing attacks. The main component of this attack is called ‘GIFShell,’ which allows an attacker to create a reverse shell that sends out malicious commands via base64 encoded GIFs in Teams and exfiltrates the output through GIFs retrieved by Microsoft’s own infrastructure. To create this reverse shell, the attacker must first trick a user into installing a malicious payload that executes commands and uploads command output via a GIF URL to a Microsoft Teams webhook. Since all Microsoft Teams messages we receive are saved in logs and can be accessed by all Windows users, the malware can easily access all of them and retrieve the information.

The tricky part is that this type of attack can bypass the security protocols of Microsoft and go undetected since the data exfiltration is done through Microsoft’s servers, and the traffic will be harder to detect. Also, it is to be noted that Teams does not scan byte data of GIFs shared between two entry points, which allows a malicious stager to be infiltrated as a form of GIF and then exploit all information and exfiltrate sensitive data of the victim’s device.

 Video Of GifShell Demonstration

Microsoft Teams

This new form of attack has already impacted several individuals and organizations, using Teams as their primary method of communication. This attack was brought to Microsoft’s attention, but this issue remains unpatched. Microsoft’s official response to BleepingComputer stated that this issue did not meet the urgent need to be fixed.

“We’ve assessed the techniques reported by this researcher and have determined that the two mentioned do not meet the bar for an urgent security fix. We’re constantly looking at new ways to resist phishing better to help ensure customer security and may take action in a future release to help mitigate this technique.”

This type of phishing is important to be aware of, and as always, we recommend that users practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.

However, Microsoft has left the door open to resolving these issues, telling BleepingComputer that they may be serviced in future versions. Until then, people need to stay alert for GIFs they might receive.

Tags: ,
0

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.

RELATED POSTS

Cyber Security

Are you wondering if your computer is being monitored at work? Employers often snoop on their employees’ computer activities to ensure productivity and mitigate organizational risks. While some organizations communicate about this practice, others don’t. Either way, being mindful of

Cyber Security

Every day, sponsored content about miracle cures and supplements with extraordinary capabilities is posted on Facebook, Messenger, and Instagram, and it is often accompanied by artificial intelligence-generated images, video, and audio deepfakes of famous people and health experts. This is

Cyber Security

Essential cybersecurity tools: As we enter the second half of 2024, it becomes increasingly evident that security is a part of our lives. From viruses masquerading as the most innocent downloads to sophisticated phishing scams, the array of threats targeting

4i magazine was founded with the vision of enabling our readers to make sense of the modern world. Our mission is to provide our audience with the most important, cutting-edge tech news and insights. Today's media landscape features too much information and not enough knowledge. Our coverage aims to fix that, by focusing the spotlight on developing trends, up-and-coming talents, and news that's worth your attention.

info@4imag.com
jobs@4imag.com

© Copyright 4i Mag 2022 All Rights Reserved