Hackers can now sneak malware into the GIFs you share

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there’s a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.


The problem was discovered by cybersecurity expert Bobby Rauch, who shared his findings exclusively with BleepingComputer. This new GIF attack exploits multiple vulnerabilities in Microsoft Teams to create a chain of command executions.

The only thing the attackers need is a way to get into Microsoft Teams in the first place, and they have settled on one of everyone’s favorite web items: GIFs. The attacks embed malicious code in base64-encoded GIFs. The attackers then use Microsoft’s own web infrastructure to unpack the commands and install them directly on your computer.

Microsoft Teams is fairly secure and has multiple levels of protection against malicious file sharing. However, GIFs are usually benign, and people love sharing them. They’re the perfect conduit for attacks.

The files can spoof your computer into opening Windows programs such as Excel. They can then send data back to their originator by tricking Windows into connecting to a remote server.

Rauch disclosed his findings to Microsoft in May 2022, but the company has yet to fix the flaws. Microsoft told BleepingComputer the GIF attacks “do not meet the bar for an urgent security fix.”

The best thing you can do for now is to not open any GIFs someone may share with you on Teams. We’ll keep an eye on this story and let you know when, and if, Microsoft gets around to fixing the vulnerability.

Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…