The US Navy has hacked Microsoft Teams to send malware

News
By published

A new tool in response to a new Microsoft Teams discovery

Ransomware
Image credit: Shutterstock (Image credit: Shutterstock)

Security experts at the US Navy have developed a tool to exploit a recently discovered flaw in Microsoft Teams.

Last month, the video conferencing software was found to have bug which allowed files sent from external accounts to be received into an organization's inbox, something that is supposed to be prohibited.

The red team at the US Navy has made a tool called TeamsPhisher that makes use of this flaw, which involves simply changing the ID in the POST request of a message to make Teams think that the external file send has actually come from an internal account, and is therefore accepted.

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

View Deal

TeamsPhisher

Written in Python, the tool can carry out attacks with full autonomy. All the user has to do is write the accompanying message, attach the file and give it a list of targets to hit. It will work out which targets have external message reception turned on and only attack those, as this has to be enabled for the attack to work. 

Another trick it uses is to make the new thread with the user a group chat by including the target's email twice. According to the description on the tool's GitHub page, this will, "bypass the "Someone outside your organization messaged you, are you sure you want to view it" splash screen that can give our targets reason for pause."

read more

> What is phishing and how dangerous is it?

> These are the best online collaboration tools around

> Microsoft Teams will soon hide evidence of your biggest video call mistakes

The message is sent to the user and the attachment will be linked in the user's Sharepoint.

TeamsPhisher also requires the targets to have Microsoft Business accounts with a Teams and Sharepoint license, which many companies who use Teams will. The tool can also delay messages to prevent running up against rate limits, as well as write its outputs to a log file. 

A threat actor could use TeamsPhisher to deliver malware to Teams users who have external messaging turned on. Microsoft has not yet fixed the issue, and said that it isn't even serious enough to merit immediate attention from the company. 

It also said that it is aware of the new TeamsPhisher tool and notes that it relies on social engineering to work, so is advising users merely to be cautious when receiving any links or attachments. 

Users can disable external messages by navigating to the Microsoft Teams Admin Center and then to External Access. If users do not wish to block all external communications, then they can choose to communicate with trusted domains only by adding them to the allow list. 

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Phishing
Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
Microsoft Teams
Microsoft Teams is finally introducing a spam and phishing alert - here’s what you need to know
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
A person at a laptop with a cybersecure lock symbol floating above it.
A worrying security flaw could have left Microsoft SharePoint users open to attack
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Latest in Pro
cybersecurity
What's the right type of web hosting for me?
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
construction
Building in the digital age: why construction’s future depends on scaling jobsite intelligence
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about pro
Silicon Motion MonTian 128TB SSD

More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab

How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD