GIFs: A New Cyberattack Vector

GIFs are highly integrated into our everyday communication. With the transition to remote work, regular communication in the messengers, and video chats, their relevance has increased manifold. These funny animations associate with a good mood, not with danger. But hackers, as usual, keep their hands on the pulse and try to use our habits against us.

The security problem with Microsoft Teams  

Microsoft Teams allows you to send bizarre GIFs, like in many other video chats. CyberArk researchers found a loophole that helps hackers to hack into user accounts and steal data. Most interestingly, the victim had no idea that anyone accessed their data. All that the user had to do in order hackers can succeed was just a glance at the GIF. Yes, no clicking on unknown links or downloading suspicious files needed. The problem was in a compromised subdomain where malicious animated images were stored. This type of exploit is not new. Applications are often unable to perform the necessary checks when content is “delivered” from other servers. Such a cyberattack is not so easy to configure. It is a niche attack used for particularly valuable targets.

Microsoft claims that they noticed and fixed a security hole in the new application update. There is no evidence that any GIF attacks were successful. If this loophole for hackers was not closed, it could result in massive data theft, ransom attacks, and corporate espionage. CyberArk experts suggest that other video chats can be exposed to such an attack vector soon.

There is only one conclusion – always update your software!

Related Posts


Data breaches and cyber attacks in May 2020 – up to 9 billion records

Sorry, this entry is only available in Russian. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Май 2020 запомнится нам не только ежедневными дождями, но и шквалом утечек данных и кибератак. 8 801 171 594, почти 9 миллиардов […]


Case Study: Online Fraud and Cyber Hygiene

What’s wrong? Recently Kateryna Kobernik, editor-in-chief of Ukrainian magazine “Babel”, ordered a tablet on the OLX platform and was left with nothing. The cybercriminal faked the official service number and sent her an external form to enter the credit card data. After she transferred 14 thousand hryvnias, the seller disappeared. In her post on Facebook, […]

Leave a Reply

Your email address will not be published. Required fields are marked *