A new kind of cyberattack exploiting flaws in Microsoft Teams makes it possible to steal data through the use of seemingly harmless GIFs. The malicious campaign, uncovered by online security consultant Bobby Rauch, was detailed by BleepingComputer last Thursday (8).
Dubbed “GIFShell”, the technique begins with the installation of a “stager” on the victim’s device: malware that analyzes logs from Microsoft’s messenger and that can be delivered through a phishing attack. This malicious file constantly scans the Teams logs.
The cybercriminals then send the target, via the messaging program, modified GIFs that are hosted on servers they control but delivered through the Redmond developer’s infrastructure. At this point, those responsible for the action start executing malicious code on the target machine.
When the victim receives the malicious GIF, the stager extracts the encoded commands and is ready to perform the actions determined by the cybercriminals, ranging from stealing data to carrying out different types of cyberattacks. The malware can continue to receive and execute new commands for as long as it is active on the computer.
Hard to detect
According to Rauch, the use of malicious GIFs to steal data in Microsoft Teams is hard to detect. This is because the campaign uses the messenger’s legitimate network: the extracted information is mixed in with the program’s own communications, which hampers the work of antivirus and other security tools.
Nevertheless, the big tech company is not working on a fix for the problem, at least for now. The company, which was warned about the bugs by the researcher in May of this year, emphasized that “minor vulnerabilities do not pose an immediate risk to customers” and that their exploitation depends on several steps and mistakes made by the user.
In a statement, the Windows owner also said that a security update is not ruled out in the future, but without mentioning any deadlines. So far there is no information on GIFShell being used in cyberattacks.
Source: Tec Mundo