GIFShell is attacking Microsoft Teams users by making them download malicious files on their system via GIFs.

A new malware attack has been surfacing over the past few weeks. GIFShell was created to intercept Microsoft Teams and execute phishing attacks using GIFs. Although many people enjoy a good GIF to lighten up in the middle of the work day, the attackers have made harmless GIFs malicious.

Microsoft Teams vulnerabilities

Like most wildly popular applications, vulnerabilities are found in Microsoft Teams from time to time. Microsoft has tried to sort them out, but there are still several loopholes that attackers can use to gain unauthorized access. Some of these flaws include:

  • Attackers can bypass Microsoft Teams security controls
  • Attachments can be modified to be downloaded externally
  • Spoof attachments can be created that may seem harmless but download malicious documents
  • Insecure URI schemes
  • Does not scan the byte content of GIFs
  • Messages are stored as a parsable log file
  • Microsoft servers retrieve GIFs from remote servers

Reverse Shell Attack

The GIFShell attack is sent to Microsoft Teams in the form of GIFs. Since these messages are saved on the victim’s computer in a log file, the attacker can gain access to the data and retrieve it. The malicious command is sent via base64, and since Teams does not scan byte data for GIFs, it bypasses the security protocols and accesses the unsuspecting victim’s device.

This new form of attack has already impacted several individuals and organizations using Teams as their primary method of communication. This attack was brought to Microsoft’s attention, and it is only a matter of time till they find a solution to resolve this issue. Until then, people need to stay alert for GIFs they might receive.