How malware hides in images and what you can do about it

Photo from space

Malware could hide in the most innocuous images

There are many dangers to watch out for when it comes to protecting your devices and data, including viruses, phishing attempts, compromised Wi-Fi networks and malicious USB drives. Here, we’re going to talk about one of the lesser-known threats: compromised images.

You may not have realized it, but malware can be injected into digital photos that look perfectly normal. The technique for doing it is known as steganography, or the practice of hiding one file inside another, and it’s not always done maliciously. The method takes advantage of the hidden data that accompanies an image, data that is not necessarily translated into pixels on your screen.

Almost any image format can be modified to conceal malware, and the more attractive and popular the image, the better: images from the James Webb Telescope were recently used as part of a malware attack, for example. Generally, these compromised images are served to you on websites or embedded in documents.

Image metadata

There is more to image files than meets the eye.
Screenshot: Adobe Photoshop Elements

These are the basics, but the exact details of this threat vary from attack to attack. Malicious code can be embedded in an image in various ways: for example, attached to the end of a file, through slight modifications to individual elements of the code, or by modifying the metadata associated with a file (this metadata also stores the time and date the photo was taken, as well as other information).

In a recent attack, the ObliqueRAT malware was hidden inside a seemingly ordinary bitmap file displayed in a browser tab. In this case, a Microsoft Office attachment was used to direct unsuspecting targets to the image, but various other methods can also be deployed – as long as the image is loaded, the exploit can work.

Whatever the details, the image serves as a carrier for something dangerous, like the Trojan horse of Greek legend. The images may contain code to cause harm to a system, to set up a ransomware request, or to start mining crypto on your computer. There are many variants and possibilities, and of course new threats are constantly being developed. In fact, any file can be used as a carrier: videos and documents work just as well as images.

About the Chrome Tab

Web browsers are well protected against this type of threat, but keep them updated.
Screenshot: Google Chrome

One of the reasons these attacks work so well is that an image file looks much more innocent than an executable file. Even if you’re unlikely to download and run an app you know nothing about, you might be tempted to peek at a photo someone sent you, especially if it’s a majestic shot from deep space, as with the James Webb Telescope example.

As with other security threats, malicious actors and security experts are in a constant battle to stay one step ahead: for example, threat intelligence firm ReversingLabs has a big blog post about how EXIF data attached to an image (those details about when the photo was taken and what camera was used) can be compromised to run code. There are many more examples out there.

With all that in mind, you might be wondering whether you should ever load an image again in your web browser or email client. The setting to block this is actually available in most browsers if you really want to be on the safe side. In Chrome, for example, open Settings in the menu, then click Privacy and Security, Site settings, and Images.

Chrome Settings

Be ultra-secure and disable images in your browser.
Screenshot: Google Chrome

The good news is that your web browser will actively scan for online threats and should stop the majority of image-based malware attacks before they can do any harm. Computer security is never 100% guaranteed, but you’ll probably be fine if you keep loading images as normal, thanks to the limits browsers place on what websites can do. Just make sure your browser is always up to date.

It’s also worth bearing in mind that almost every image you see on social media has been altered and compressed on its way to a data server, making it very difficult for a bad actor to hide code that is still fully preserved by the time the image reaches anyone’s eyeballs. Image-based malware isn’t a particularly common threat, but it’s still worth knowing about it and protecting yourself against it.

The same security rules that protect you from any other type of threat also apply to image-based attacks. Make sure your programs are always running the very latest versions, be wary of opening anything that comes to you via email and social media (even if it appears to be from someone you trust), and for added peace of mind, get a third-party security software suite installed on your computer.

