Connect with us

Microsoft Squashes ‘Evil GIF’ Exploit in Teams

Credit: Microsoft

Video conferencing apps just can’t catch a break.

In the socially isolated world, video conferencing apps have become an absolute necessity for those working from home. Zoom is probably the most well-known of these apps, but due to recent controversies over vulnerabilities and questionable features, some have chosen to jump ship. Microsoft has been trying to get a piece of that action with its Microsoft Teams app, and considering Zoom’s backlash, it’s a good time. Unfortunately, until recently, Teams wasn’t exactly ship-shape itself.

According to a CyberArc report posted this morning, during a period between late February and mid-March, Microsoft Teams was vulnerable to a very specific exploit that could potentially compromise a company’s entire virtual infrastructure. And who is the mastermind behind this data-jacking? None other than… Donald Duck?

Credit: CyberArc

Microsoft Teams issues virtual “tokens” to anyone with authorized access to a particular Teams account. Some shmuck discovered that those tokens could be hijacked through a typical phishing link. However, since a regular clickable link to a phishing site is too obvious, they upped their game: a malicious GIF. Most chatting apps will load previews of images and GIFs when their links are posted, but they have to contact the site to do that. By baking the link into a GIF of Donald Duck stuffing the doll booth at Disneyland (an oddly specific choice), they could force someone using Teams to make contact with the phishing site, which would give them free access.

The exploit was successfully patched by Microsoft on April 20, and as far as they know, no accounts were compromised. It could’ve been disastrous, though, according to CyberArc. “Eventually, the attacker could access all the data from your organization Teams accounts, gathering confidential information, competitive data, secrets, passwords, private information, business plans,” their report read. “Maybe even more disturbing, they could also exploit this vulnerability to send false information to employees – impersonating a company’s most trusted leadership – leading to financial damage, confusion, direct data leakage, and more.”

Connect