GIFs in Microsoft Teams not just annoying, actively dangerous

pcgamer.com:

Almost every workplace chat has that one person who considers themselves a bit of a GIF lord. If you're lucky, your workplace may actually have one. Someone who nails the perfect response GIF every time, brightening your day and the days of all others in the channel. More likely you have someone who replies to everything with weird unpleasant GIFs and considers it their life's crusade to police the pronunciation of the format.

Well regardless of legendary status, it's time to cast a wary glare over those GIF happy coworkers. Bleeping Computer(opens in new tab) tells of an exploit in Microsoft Teams that uses GIFs to potentially install malicious files, perform commands, and even extract data via these fun moving images. Yeah that random and completely out of place reaction GIF Blimothy posted last week doesn't seem so innocuous now, does it.

Thankfully there are a few steps to the process. First of all the intended target needs to install a stager to execute the commands given via these naughty GIFs. Given phishing attacks are still successful in this, the year of our GIF lord 2022,(opens in new tab) it's not that unlikely. Especially considering these likely come from a trusted in work source, it's likely an innocent and easy mistake to make. 

From here that stager will run continuous scans on the Microsoft Team logs file, looking for any evil GIFs. These GIFs will have been given a reverse shell by the attackers. This will contain base64 encoded commands which are stored in Team's GIFs, that then perform malicious actions on the target machine. You can find out more about how these GIFShell attacks work via the discover, Bobby Rauch's, Medium page.(opens in new tab) 

Best gaming mouse(opens in new tab): the top rodents