Malware hiding in pictures is more likely than you think


19 April 2024

The digital world we live in is full of hidden dangers, some of which may seem like something out of a spy movie. Believe it or not, one of these dangers lurks within the seemingly innocent realm of images. You may be wondering how something as innocuous as an image can pose a threat. Criminals are always trying new tricks to slip through the cracks. One of these tricks is hiding malware in images or photos.

This is made possible by steganography, a technique in which data is hidden inside a file to avoid detection.

Recently, ESET researchers found that this technique was used by the Worok cyber espionage group, which hid malicious code in image files and took only specific pixel information from them to extract a payload to execute. Keep in mind that this was done on systems that had already been compromised, because hiding malware within images is done more to avoid detection than to gain initial access.

How this hidden malware works

One way to embed malware in an image is to replace the least significant bit of each pixel's colour value, which makes the changes almost undetectable to the naked eye. Another technique is to embed data in the alpha channel of an image, which controls the transparency of a colour. Either way, the image looks roughly the same as a normal one.
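Least-significant-bit replacement is invisible to the eye but leaves a statistical trace a defender can test for. The following Python sketch is an added example, not code from the original article or from ESET: it runs a pairs-of-values chi-square check on constructed sample data that stands in for one colour channel. The function names, the sample generator and the cutoff of 3.0 are assumptions made for illustration.

```python
import random
from collections import Counter

def pair_score(values, min_count=5):
    """Mean chi-square statistic over the value pairs (2k, 2k+1).

    Overwriting LSBs with random-looking bits evens out the counts inside
    each pair, so the mean drops to about 1. Unmodified data with a sloped
    histogram scores much higher.
    """
    hist = Counter(values)
    stats = []
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        if n0 + n1 >= min_count:  # skip pairs with too few samples
            stats.append((n0 - n1) ** 2 / (n0 + n1))
    return sum(stats) / len(stats) if stats else float("inf")

def looks_embedded(values, cutoff=3.0):
    """Flag a channel whose pair counts are suspiciously even (assumed cutoff)."""
    return pair_score(values) < cutoff

def constructed_channel(n=60000, seed=1):
    """Constructed sample: 8-bit values with a smooth, bell-shaped histogram."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(128, 6)))) for _ in range(n)]

def with_random_lsbs(values, seed=2):
    """Constructed 'altered' sample: every LSB replaced by a random bit,
    standing in for a compressed or encrypted payload."""
    rng = random.Random(seed)
    return [(v & 0xFE) | rng.getrandbits(1) for v in values]

if __name__ == "__main__":
    clean = constructed_channel()
    altered = with_random_lsbs(clean)
    for name, data in (("clean", clean), ("altered", altered)):
        print(f"{name}: score={pair_score(data):.2f} "
              f"flagged={looks_embedded(data)}")
```

The check is strongest when every pixel in the channel has been altered; a payload that fills only part of the image weakens the signal, so a clean result does not prove an image is unmodified.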

How does this affect you, the everyday Internet user?

Should you be concerned about the images you encounter on the internet? In most cases, not really. Social media platforms typically compress and modify images, making it difficult for threat actors to embed fully functional malicious code. Furthermore, these hidden threats are only activated when a program capable of extracting and executing the code interacts with them.

It is necessary to remain vigilant

The difference between a clean image and a malicious one is quite small. To the casual eye, the malicious image may look only slightly different, and the odd appearance could easily be put down to poor image quality or resolution, but in reality all those dark pixels are a sign of malicious code. Malicious images have also been used to introduce malware such as trojans and remote access tools, putting unsuspecting users at risk.

The key to staying safe in the digital world

The best protection lies in awareness and prevention. It's good to always keep your protection systems, applications and operating systems up to date. Risk can be avoided by running fully up-to-date software and using a reliable, up-to-date security solution.
