A new attack technique called “GIFShell” enables cybercriminals to exploit Microsoft Teams and carry out phishing attacks to then execute remote code and steal information. All this is achieved through animated GIF images.

Attackers are capable of exploiting different vulnerabilities of Microsoft Teams by infiltrating malicious files with the images. Since the traffic is through Microsoft servers, it is harder to detect by antivirus software, as a file from that origin is mostly considered legitimate.

The severity of this vulnerability arises from the exploitation of several vulnerabilities at once. Since the received messages are stored on the computer, malware can be stored, hidden in a file that contains a link.

For its part, Microsoft has not commented on when an update that could mitigate this vulnerability will be released. This is due to the complexity that implementing these changes requires..

Fountain: Bleeping Computer


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »