A recent Microsoft Teams vulnerability may be exploited by attackers using a new tool accessible on GitHub to automatically distribute malicious files to users’ systems. The TeamsPhisher tool functions without a hitch in settings that allow communication between internal and external Teams users. Two Jumpsec researchers brought attention to the problem last month by demonstrating how attackers may get around a security measure in Microsoft Teams.
It was possible to pull off the feat by altering the internal and external recipient IDs in a message’s POST request, fooling the system into thinking an external user was an internal one. The TeamsPhisher exploit tool, which would take advantage of the hole, was recently revealed by a member of the U.S. Navy’s red team as the problem persisted.