
File Extension Spoofing In Microsoft SharePoint/OneDrive and Teams
A security vulnerability has been identified within the Office 365 environment, involving file extension spoofing through the use of the Right-to-Left Override (RTLO) character. Additionally, a flaw in the OneDrive protocol handler can enable spear phishers to use OneDrive as a Command and Control (C2) solution. If a user unknowingly executes a file with a spoofed extension, the malicious file can establish a connection to an attacker’s server, enabling unauthorized data exfiltration or further malicious activities.

Malicious File Delivery through Microsoft Teams – Understanding Custom Protocol Handler Threats and more in Electron Applications
As a new security researcher, submitting...