Skip to main content

Hackers can now sneak malware into the GIFs you share

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there’s a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.

Related Videos
A video call in progress on Microsoft Teams.

The problem was discovered by cybersecurity expert Bobby Rauch, who shared his findings exclusively with Bleeping Computers. This new GIF attack exploits multiple vulnerabilities in Microsoft Teams to create a chain of command executions.

The only thing the attackers need is a way to get into Microsoft Teams in the first place, and they have settled on one of everyone’s favorite web items: GIFs. The attacks include malicious code in base64 encoded GIFs. They then use Microsoft’s own web infrastructure to unpack the commands and install them directly on your computer.

Microsoft Teams is fairly secure and has multiple levels of protection against malicious file sharing. However, GIFs are usually benign, and people love sharing them. They’re the perfect conduit for attacks.

The files can spoof your computer into opening Windows programs such as Excel. It can then send data back to its originator by tricking Windows into connecting to a remote server.

Rauch disclosed his findings to Microsoft in May 2022, but the company has yet to fix the flaws. Microsoft told Bleeping Computers the GIF attacks “do not meet the bar for an urgent security fix.”

The best thing you can do for now is to not open any GIFs someone may share with you on Teams. We’ll keep an eye on this story and let you know when, and if, Microsoft gets around to fixing the vulnerability.

Editors' Recommendations

Adobe Firefly brings text-to-image AI to the masses, with artist ethics in mind
AI-generated imagery in Nvidia's press photo for AI Foundations.

Adobe Firefly was announced today by Adobe, as the company attempts to capitalize on the surge in interest in generative AI. The text-to-image model is only in beta, but will be coming first to Adobe Express, the company's simplest and most user-friendly application.

The set of tools will function a lot like many of the other popular text-to-image models, such as Stable Diffusion or Midjourney. The difference here, however, is that Firefly is built from the ground up by Adobe to be used within its creative applications. That means Firefly will be both highly accessible to beginners and include important ethical considerations for artists.

Read more
Bing Image Creator brings DALL-E AI-generated images to your browser
Bing Image Creator being used in the Edge sidebar.

Microsoft isn't slowing down its momentum in generative AI. Just a month since it launched the ChatGPT-based Bing Chat, the company is now introducing Bing Image Creator, which brings text-to-image generation right to your browser.

Bing Image Creator lets you create images from text using DALL-E, which is OpenAI's own text-to-image AI model. Microsoft says it's using "an advanced" version of DALL-E, though the company didn't provide specifics about how it was different than the current DALL-E 2 model. This isn't dissimilar, though, to how Bing Chat was announced, which had been running on GPT-4 before the new model had even been announced.

Read more
The Windows 11 taskbar is getting an important new update
windows 11 taskbar third party app pinning

Microsoft is working on new experiences for Windows that will allow developers to enable pinning for third-party applications, as well as enable pinning to the Taskbar.

Microsoft recently announced the details of these upcoming functions in a blog post. This is the brand's attempt to universalize its pinning process across all apps used on Windows. In practice, it will be similar to how pinning works on the Edge browser, with the Windows 11 users being notified by the Action Center about a request for pinning to the Taskbar by the app in question.

Read more