Microsoft Teams Can Be Used to Download and Run Malicious Packages

LASER_oneXM

Feb 4, 2016
The update mechanism as it is currently implemented in the Microsoft Teams desktop app allows downloading and executing arbitrary files on the system.
The same issue affects GitHub, WhatsApp, and UiPath software for desktop computers, but it can be used only to download a payload.

These applications rely on the open source Squirrel project to manage installation and updating routines, which uses the NuGet package manager to create the necessary files.
Multiple security researchers discovered that, using the 'update' command for a vulnerable application, it is possible to execute an arbitrary binary in the context of the current user. The same goes for 'squirrel.exe.' With Microsoft Teams, a payload is added to its folder and executed automatically using either of the following commands:
... ...
 
