Microsoft Teams Vulnerability Allows Hackers to Plant Malware

A tool named TeamsPhisher, developed and released by a U.S. Navy's Red team member, exploits an unaddressed security vulnerability within Microsoft Teams. This tool allows users to bypass restrictions on incoming files from external tenants, which are users outside the organization. By circumventing these restrictions, the tool opens up the possibility for potentially unauthorized files to enter the targeted organization's systems.

In a recent discovery, researchers found a new attack pathway in popular communication platforms like Teams, Slack, and Zoom. As traditional infection routes, such as email inboxes and websites, receive more scrutiny, hackers are exploring alternative methods to exploit vulnerabilities in these platforms.

According to the cybersecurity team at Jumpsec Labs, this vulnerability affects organizations utilizing the default configuration of Microsoft Teams. By bypassing client-side security controls, external tenants gain the ability to send malicious files to employees within the organization.

Max Corbridge, a researcher from Jumpsec's Red Team, highlighted this issue in a research note posted last week. He elaborated on how an attacker can effectively circumvent the file-sending restrictions in Microsoft Teams to distribute malware from an external account.

Developed in Python, TeamsPhisher takes advantage of the application's dependency on client-side protections, which can be manipulated by modifying the ID in a POST request for a message. By utilizing TeamsPhisher, users can upload attachments to their SharePoint and send messages to targeted Teams users, making it appear as if the message originated from an internal user, even if the sender is actually from an external tenant.

Microsoft has acknowledged the presence of TeamsPhisher and recognizes that the tool's effectiveness relies on social engineering techniques. The company urges users to adopt responsible online practices and exercise caution when engaging with different elements online, such as clicking on website links, opening unknown files, or accepting file transfers.