How low will malware go to get to your device? We think to use Minecraft to gain access to your computer was the most nefarious method hackers have ever come up with, but there is a new type of attack even lower that uses Microsoft Teams and GIFs to mount phishing attacks on your computer.
The new attack is called GIFShell and it installs malware on your computer to steal data. He does this by sneaking into innocent-looking GIFs and then waiting for you to share the GIF with his colleagues via Microsoft Teams.
The problem was discovered by the cybersecurity expert bobby rauchwho shared his findings exclusively with Bleeping Computers. This new GIF attack exploits multiple vulnerabilities in Microsoft Teams to create a chain of command executions.
All the attackers need is a way to get into Microsoft Teams in the first place, and they’ve settled on one of everyone’s favorite web parts: GIFs. The attacks include malicious code in base64-encoded GIFs. They then use Microsoft’s own web infrastructure to unpack the commands and install them directly on your computer.
Microsoft Teams is quite secure and has multiple levels of protection against malicious file sharing. However, GIFs are usually benign, and people love to share them. They are the perfect conduit for attacks.
The files can spoof your computer to open Windows programs like Excel. It can then send data to its originator by tricking Windows into connecting to a remote server.
Rauch revealed his findings to Microsoft in May 2022, but the company has yet to fix the flaws. Microsoft told Bleeping Computers that the GIF attacks “do not meet the bar for an urgent security fix.”
The best thing to do for now is not to open any GIFs that someone might share with you in Teams.