Malicious TeamsPhisher Tool Exploits Microsoft Teams Vulnerability to Deliver Malware
A new security threat has been uncovered that can compromise the security of Microsoft Teams users. Researchers have discovered a tool called “TeamsPhisher” that exploits a vulnerability in the popular communication platform, enabling attackers to bypass file-sending restrictions and send malware to users.
The tool was created by a researcher from the U.S. Navy’s red team and leverages a security flaw in Microsoft Teams that can allow attackers to bypass restrictions on incoming files from users outside of a targeted organization, known as external tenants. If successfully exploited, this vulnerability allows attackers to send a malicious payload directly to a target Microsoft Teams’ inbox.
The TeamsPhisher tool is based on Python and offers a fully automated approach to carrying out the attack. It first verifies the target user’s existence and their ability to receive external messages before creating a new thread with the target user and sending them a message containing a Sharepoint attachment link.
Microsoft has not yet released a patch for this vulnerability, and users are advised to adopt safe online computing practices, such as being cautious when clicking on web page links, opening unfamiliar files, or accepting file transfers. Organizations are also urged to disable external tenant communications if not required and to establish an allow-list comprising trusted domains to minimize the risk of exploitation.
Microsoft Teams users and organizations are encouraged to take these precautions seriously to prevent falling victim to the TeamsPhisher tool and the potential damage of malware infections.