Skip to main content
  1. Home
  2. Computing
  3. News

Hackers can now sneak malware into the GIFs you share

By

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there’s a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.

A video call in progress on Microsoft Teams.
Image used with permission by copyright holder

The problem was discovered by cybersecurity expert Bobby Rauch, who shared his findings exclusively with Bleeping Computers. This new GIF attack exploits multiple vulnerabilities in Microsoft Teams to create a chain of command executions.

Recommended Videos

The only thing the attackers need is a way to get into Microsoft Teams in the first place, and they have settled on one of everyone’s favorite web items: GIFs. The attacks include malicious code in base64 encoded GIFs. They then use Microsoft’s own web infrastructure to unpack the commands and install them directly on your computer.

Microsoft Teams is fairly secure and has multiple levels of protection against malicious file sharing. However, GIFs are usually benign, and people love sharing them. They’re the perfect conduit for attacks.

The files can spoof your computer into opening Windows programs such as Excel. It can then send data back to its originator by tricking Windows into connecting to a remote server.

Rauch disclosed his findings to Microsoft in May 2022, but the company has yet to fix the flaws. Microsoft told Bleeping Computers the GIF attacks “do not meet the bar for an urgent security fix.”

The best thing you can do for now is to not open any GIFs someone may share with you on Teams. We’ll keep an eye on this story and let you know when, and if, Microsoft gets around to fixing the vulnerability.

Editors' Recommendations

Topics
Nathan Drescher
Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
The best Lenovo gaming laptops you can buy right now
The Lenovo Legion 5i Pro sitting at an angle.

Lenovo is one of the leading manufacturers when it comes to the best gaming laptops. The company’s commitment to innovation is evident in the raw processing power of the latest chips and the precision cooling systems that ensure peak performance.

Even in the design department, Lenovo gaming laptops continue to boast a distinctly industrial look that is universal across its range. They might not be as flashy or flamboyant as something from Asus or Alienware, but there’s a level of sophistication that makes these devices suitable for various settings beyond gaming environments. Here’s a look at some of the best Lenovo gaming laptops if you are planning to buy one.
Lenovo Legion Pro 9i
The Lenovo Legion Pro 9i is a gaming powerhouse boasting top-tier specs, innovative features, and a design that stands out in the crowded gaming laptop arena. The laptop defies expectations with its high-end specifications, including the powerful Intel Core i9-13980HX mobile CPU, an RTX 4090 GPU, and a liquid cooling system. Yes, you read that right, it comes with a built-in liquid cooling solution to deliver the best thermal performance.

Read more
When a high frame rate can lose you the game
A solider from Call of Duty Modern Warfare 3.

"Frames win games." That's been Nvidia's marketing campaign targeted at esports players since the introduction of Nvidia Reflex. It's a great slogan, catchy with the right amount of truth, and the perfect pairing for Nvidia's RTX technologies. In a new era of generated frames, though, it requires a bit of context.

Nvidia's DLSS 3 generates frames on RTX 40-series graphics cards, massively improving your performance. The trade-off, however, is an increase in latency, which hasn't been a big deal up to this point. In games like Ratchet and Clank: Rift Apart and Cyberpunk 2077, you don't need to worry about gaining a competitive edge. But now, we're seeing DLSS 3 for the first time in a competitive shooter: Call of Duty Modern Warfare 3. Originally, the game only included DLSS 3 in the single-player campaign, but after a few days, it was patched into all game modes, including Zombies and multiplayer.

Read more
Here’s why you can’t sign up for ChatGPT Plus right now
A person sits in front of a laptop. On the laptop screen is the home page for OpenAI's ChatGPT artificial intelligence chatbot.

CEO Sam Altman's sudden departure from OpenAI weekend isn't the only drama happening with ChatGPT. Due to high demand, paid subscriptions for OpenAI's ChatGPT Plus have been halted for nearly a week.

The company has a waitlist for those interested in registering for ChatGPT to be notified of when the text-to-speech AI generator is available once more.

Read more