Beware: Here’s How a Photograph’s Data Can Hide Malware

We’re always warned of the looming threats that lurk in every corner of the internet.

But these threats no longer just come as phishing emails or thinly veiled scams. What exists now is a danger that’s far more insidious. It wears a million masks and, unless you’re highly skilled in cybersecurity protocols and practices, it can be extremely difficult to detect.

We’re talking about how a photograph can contain hidden malware.

When you consider how often you come across photographs online, you see how much of a risk there is, without even realizing it.

A picture is no longer just worth a thousand words. For cybercriminals, it’s worth a lot more.

 

MALWARE DECRYPTED

The word ‘malware’ is shorthand for ‘malicious software’. It’s an umbrella term that encompasses a variety of harmful software variants, including ransomware, spyware, and viruses.

Malware consists of a set of code that cybercriminals have strategically designed – usually with the aim of causing serious damage to a particular system or software or to gain access to a network for which they’re not authorized.

Typically, malware will attack a system once sent to the target as some sort of file or link. The unsuspecting victim will have to open this link for the malware to perform its intended function. These functions include deleting, stealing or encrypting sensitive data, monitoring a user’s activity, or hijacking or altering core computing functionality for nefarious purposes.

How does this relate to a photograph’s data?

Often, a link or file will come as a photograph. The component of the software that is malicious – the malware – hides in and amongst seemingly innocent snippets of code and data related to the photograph. When run, that code has the potential to cause serious damage.

This is primarily an issue of Steganography. Steganography is the practice of concealing information or messages with other, visible data, image, or text. With photographs, they function as somewhat of a Trojan horse.

The damaging data – designed to hack into a specific system or corrupt a file – shields itself from detection by invading under the premise of an innocent image. Essentially, the threat hides in plain sight.

This is distinctly different from cryptography, which is the practice of writing encrypted messages that are clearly hiding something.

Cryptographic messages are generally recognizable, even to those who are barely computer literate. The code would be very out of place if you were simply browsing through images.

To the average individual, it would look like nonsense, and it takes an expert to understand the intention behind the seemingly chaotic configuration of letters and numbers.

If you actively use social media platforms such as Facebook or Instagram, you may be familiar with the various hidden image tags that accompany every photograph. Essentially, these tags are pockets of metadata that carry vast quantities of information while remaining utterly undetected by the average individual.

You should note that truly threatening malware is not found in your average social media post. Instead, cybercriminals will expertly and meticulously craft an image and its associated data specifically to deliver their respective form of malicious software.

Photographs have proven to be effective carriers of malware. This is because they are essentially just streams of bytes that very few people would have reason to investigate beyond the pure visual representation of a .jpeg or .png file.

Easy embedding options

The problem with malware in photographs is that it’s a relatively easy hack. Cybercriminals can quickly embed malicious content in a photograph and send that image out across the web.

The simplest way of embedding malware is to add it to the image overlay (image end). All this requires is taking an image file and adding malicious content.

For example, if you have a .png file, everything after the IEND chunk is the overlay, and if you have a GIF all the bytes after the trailer are an overlay too. Often the overlay is added too, but with malware, the addition is malicious.

It’s also easy to embed malware in image data from photographs taken on digital cameras or smartphones. Every photo taken has an EXIF tag that stores descriptive metadata of the image, including the camera type and the date and time. This data doesn’t affect the image itself and is appended to include malware or other malicious scripts without detection.

Essentially, in both instances the malware is hidden, and it doesn’t affect or compromise the image. This is what makes it so dangerous.

 

HOW TO PROTECT AGAINST MALWARE

Thankfully, there are ways to protect yourself and your computer against the malware found in the photographs in your web browser, and that you download.

For starters, always be wary of the links you click on, and which files you download. A single click of the mouse can put you at risk, especially if you open everything that comes your way. Apply common sense here – don’t download files from unknown sources and think before you click indiscriminately.

If you’re emailed a link from an unknown source, then it’s always preferable to err on the side of caution and not open it. It may simply be spam, or it could be an image or other carrier file that’s encrypted with malware.

Don’t trust pop-up windows that ask you to download software. The irony of these pop-ups is that they will often say something to make you believe that your computer has a virus and that you should follow their link to solve the issue. If you’re confronted with this, be sure to close the pop-up clicking nowhere inside the window.

Last, it is always worth investing in a trusted and effective antivirus software. This is important if you regularly download files. Do some research to determine which option would be most suited to your needs. Then ensure you always allow for updates to keep it functioning at its optimum.

Stop malware in photographs before it stops you! Take action and prevent being a target.

Techvera icon

Written by Nina Sharpe

June 7, 2021

You May Also Like…