Skip to main content

Hackers can now sneak malware into the GIFs you share

How low will malware go to get onto your device? We thought using Minecraft to gain access to your computer was the most nefarious method hackers have produced, but there’s a new, even lower type of attack that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.

The new attack is called GIFShell and it installs malware on your computer to steal data. It does so by sneaking itself into innocent-looking GIFs and then waiting for you to share the GIF with your colleagues via Microsoft Teams.

A video call in progress on Microsoft Teams.
Image used with permission by copyright holder

The problem was discovered by cybersecurity expert Bobby Rauch, who shared his findings exclusively with Bleeping Computers. This new GIF attack exploits multiple vulnerabilities in Microsoft Teams to create a chain of command executions.

Recommended Videos

The only thing the attackers need is a way to get into Microsoft Teams in the first place, and they have settled on one of everyone’s favorite web items: GIFs. The attacks include malicious code in base64 encoded GIFs. They then use Microsoft’s own web infrastructure to unpack the commands and install them directly on your computer.

Microsoft Teams is fairly secure and has multiple levels of protection against malicious file sharing. However, GIFs are usually benign, and people love sharing them. They’re the perfect conduit for attacks.

The files can spoof your computer into opening Windows programs such as Excel. It can then send data back to its originator by tricking Windows into connecting to a remote server.

Rauch disclosed his findings to Microsoft in May 2022, but the company has yet to fix the flaws. Microsoft told Bleeping Computers the GIF attacks “do not meet the bar for an urgent security fix.”

The best thing you can do for now is to not open any GIFs someone may share with you on Teams. We’ll keep an eye on this story and let you know when, and if, Microsoft gets around to fixing the vulnerability.

Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
The best Copilot+ laptops that you can buy now
The two sizes of the Galaxy Book4 Edge on a table.

Copilot+ PCs represent a new era for Windows. Microsoft's implementation of AI is key to these new devices, of course, but so is the transition to Arm. Although Copilot+ isn't limited to Qualcomm's Arm chips, right now they have exclusivity because of the required 40 Tera Operations Per Second (TOPS) performance of the neutral processing unit (NPU) in these devices.

That means these new laptops are thin, powerful, and have fantastic battery life -- a fantastic antidote to the MacBook Air. Though we haven't reviewed any in-depth yet, here are our favorites from among the ones we've seen in person so far.
Microsoft Surface Laptop

Read more
The 5 best things you can do with Copilot Pro right now
Microsoft Copilot Pro.

Copilot Pro is Microsoft’s AI subscription service that costs $20 per month for individuals and is integrated into the brand’s Microsoft 365 suite. The paid service offers unique features to Microsoft users, provides faster and more consistent AI performance with priority access to the GPT-4 and GPT-4 Turbo large language models (LLM) during peak times, and also brings the AI technology to the brand’s most popular PC applications -- and that's where things get really interesting.

Here are some of the best features on Copilot Pro and how they work.
Create custom GPTs

Read more
Have one of these OnePlus phones? You can now download Android 15
OnePlus Open in Emerald Dusk open showing inner display flat.

The wait for Android 15 is over for some owners of some OnePlus devices. With Android 15 Beta 2 expected to launch today, OnePlus is rolling out the Android 15 Beta 1 for owners of the OnePlus 12 and OnePlus Open. Now, keep in mind that this is still a beta, meaning it’s intended for developers and advanced users, and there are still several known issues and bugs.

The update will roll out globally and needs to be manually installed. We highly recommend following the steps OnePlus has laid out in its forum post and backing up the data on your phone since there is a risk of bricking. To upgrade, you’ll need to be running Android 14.0.0.610 and below; versions above it can’t be upgraded without rolling back.

Read more