The “TeamPhishing” tool exploits Microsoft Teams and allow attackers to easily go around Microsoft Teams’ file-sending restraints to deliver malware from an external account.

(This is how the attackers use the tools to their advantage).

“TeamPhisher” first confirms the targeted user’s existence and ability to receive external messages before creating a new thread with the target and sending a SharePoint attachment link. It has a huge potential reach that could be leveraged by threat actors to bypass many traditional payload delivery security controls.

The exploit even works against accounts protected by Multi-Factor Authentication (MFA).

The vulnerabilities utilized by “TeamsPhisher” are known and acknowledged by Microsoft, but there are currently no plans for them to be addressed.

CERTVU recommends that organizations and institutions using Microsoft Teams avoid clicking links that could be suspicious and double-verify before opening legitimate messages with a link.
We recommend Users to apply practice habits, including exercising caution when accepting file transfers, opening unknown files, and clicking on links to web pages.