A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine.
The exploit uncovered by Bobby Rauch is dubbed “GIFShell,” and the main component is a GIF image that contains a hidden Python script. This crafted image is sent to a Microsoft Teams user to create a reverse shell.
By abusing the legitimate Microsoft infrastructure, an attacker can bypass security controls, make malicious files appear as harmless, and exfiltrate critical data. To do all that, the attacker needs the victims to install a “Stager,” which is an executable that will actually execute the commands embedded in the GIF.
However, the research shows that such an installation can be achieved in Microsoft teams itself through highly convincing attachments, without any social engineering or additional exploit of another application.
“This research demonstrates how it is possible to send highly convincing phishing attachments to victims through Microsoft Teams, without any way for a user to pre-screen whether the linked attachment is malicious or not,” Rauch wrote.
Any Teams Attachment Can Appear Legit
Indeed, Microsoft Teams supports features such as Deep Linking but it lacks proper sanitizing and validation, allowing potentially unsafe URI schemes. Rauch discovered that Teams will try to render files in line, even if the app doesn’t know how to render the format (e.g., DLL), making any attachment appear as legitimate.
“When a file is uploaded to Microsoft Teams in a message to an allowed user like a co-worker in an Azure organization, Microsoft generates a Sharepoint link to the file, that only the sender and recipient of the Team’s message can view,” Rauch wrote. “When a user then clicks send on the Teams message containing the attachment, a JSON body is sent in a POST request to a Teams endpoint containing the Sharepoint link to the file, and several other file attributes.”
The JSON body can be modified by an attacker to allow an external user to access the Teams attachment despite the default restrictions, and pass malicious files without any possibility of detection (e.g., in pre-screens).
The seemingly harmless file can be used for a drive-by download attack:
Once installed, the executable can monitor Microsoft Teams logs to detect and extract base64 encoded commands. The attackers only have to create their own Microsoft Teams tenant and contact the victims outside of their organization, for example, via external meetings or chat. They can then send crafted GIF images that contain malicious commands to be executed by the Stager on the target’s machine. Teams logs contain copies of Teams messages that can be read by all Windows user groups.
The Stager will use the output of the executed commands as the filename (base64 text) of a remote GIF embedded in an adaptive card submitted to the URL for the incoming webhook connector created for a Teams channel in the attackers’ tenant.
Every time Microsoft’s servers will try to retrieve the GIF image, it will connect back to the attacker’s server to deliver the information.
This clever strategy allows attackers to bypass Microsoft security tools and exfiltrate data stealthily.
See the Best EDR Tools
How to Mitigate GIFShell Vulnerabilities
This chain of vulnerabilities was reported to Microsoft in June 2022 but the company decided that the research did not meet the “bar for immediate servicing.”
In other words, it’s not prioritized for now, but that doesn’t mean that it won’t be fixed. In the meantime, Rauch recommends the following mitigations:
- Ensure users are trained not to click on attachments from unknown external senders.
- Implement a Safe Attachments policy in Microsoft Defender for Office 365 to help prevent the Drive–By download attack.
- Enable SMB Signing or disable NTLM entirely and ensure a complex password policy is in place to help prevent the NTLM attacks.
It should also be noted that Microsoft Teams allows allowlisting of external domains in User settings (see external access), so you can theoretically prevent such unwanted communications with random external organizations.
Red teams and pentesters can try to reproduce the attack by following the prerequisites and the replication steps provided by Rauch in his report.
Read next: The Best Vulnerability Management Tools