{"id":10961,"date":"2022-10-04T17:18:43","date_gmt":"2022-10-04T20:18:43","guid":{"rendered":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=10961"},"modified":"2022-10-04T17:18:43","modified_gmt":"2022-10-04T20:18:43","slug":"como-se-oculta-el-malware-en-las-imagenes-y-que-se-puede-hacer-para-evitar-este-ataque","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=10961","title":{"rendered":"How malware is hidden in images and what can be done to prevent this attack"},"content":{"rendered":"<p>There are many dangers to keep in mind when it comes to keeping your devices and data safe, including viruses, phishing attempts, compromised wifi networks, and unauthorized USB sticks. But one lesser-known method consists of injecting malware into digital photos that look perfectly normal. The technique for doing so is known as steganography, which makes it possible to hide secret messages or objects inside other ones, and it is not always done maliciously. The method takes advantage of the hidden data that accompanies an image, data that is not necessarily translated into pixels on the screen.<\/p>\n<hr \/>\n<p class=\"sc-77igqf-0 bOfvBY\">There are\u00a0plenty of dangers to watch out for when it comes to keeping your devices and your data safe, including viruses,\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/gizmodo.com\/linkedin-phishing-ad-accounts-facebook-1849337678\" target=\"_blank\" rel=\"noopener\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/linkedin-phishing-ad-accounts-facebook-1849337678&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"f90cadf41b0914d03f2ad05f9d86762e\">phishing attempts<\/a>, compromised wifi networks, and\u00a0rogue USB sticks. 
Here,\u00a0we\u2019re going to talk about one of the lesser-known threats: Compromised images.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">You might not have realized it, but malware can be injected into digital photos that appear to be perfectly normal. The technique for doing so\u00a0is\u00a0known as\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/en.wikipedia.org\/wiki\/Steganography\" target=\"_blank\" rel=\"noopener noreferrer\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/en.wikipedia.org\/wiki\/Steganography&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"b9a8bcb44d855fc762cf366e71b14ee5\">steganography<\/a>, or\u00a0the practice of hiding one file in another,\u00a0and\u00a0it\u2019s not always done\u00a0maliciously. The method takes advantage of the hidden data that comes along with an image, data which isn\u2019t necessarily translated into pixels on your\u00a0screen.<\/p>\n<p>Almost any image format can be edited to conceal malware, and the more appealing and popular the picture,\u00a0the better: Images from the James Webb telescope\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/www.securonix.com\/blog\/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.securonix.com\/blog\/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems\/&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"5f4afb3d4d2702fac0aa2b55ac59efbe\">were recently used<\/a>\u00a0as part of a malware attack, for example. 
Typically, these compromised pictures get served to you on\u00a0websites\u00a0or embedded in\u00a0documents.<\/p>\n<figure id=\"attachment_10963\" aria-describedby=\"caption-attachment-10963\" style=\"width: 965px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" class=\"size-full wp-image-10963\" src=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/ab1a65acdd5c08f544661ac85cd11509.webp\" alt=\"\" width=\"965\" height=\"543\" srcset=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/ab1a65acdd5c08f544661ac85cd11509.webp 965w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/ab1a65acdd5c08f544661ac85cd11509-300x169.webp 300w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/ab1a65acdd5c08f544661ac85cd11509-768x432.webp 768w\" sizes=\"(max-width: 965px) 100vw, 965px\" \/><figcaption id=\"caption-attachment-10963\" class=\"wp-caption-text\">There\u2019s more to image files than meets the eye. Screenshot: Adobe Photoshop Elements<\/figcaption><\/figure>\n<p class=\"sc-77igqf-0 bOfvBY\">Those are the basics, but the exact details of this threat vary between attacks. 
Malware code can be embedded in an image in a few different ways, for example: Attached to the end of a file, or through slight tweaks to individual bits of\u00a0the code, or through changes to the metadata associated with a file (this metadata also stores the time and date the photo was taken, and other information).<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">In one recent attack, the ObliqueRAT malware\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/threatpost.com\/website-images-obliquerat-malware\/164395\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/threatpost.com\/website-images-obliquerat-malware\/164395\/&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"e08634b929e0f32017b1586a86ebdfde\">was hidden inside<\/a>\u00a0a seemingly ordinary bitmap file displayed in a browser tab. In this case, a Microsoft Office email attachment was used to direct unsuspecting targets towards the image, but a variety of other methods can be deployed as well\u2014as long as the image gets loaded, the exploit can work.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">Whatever the details, the image acts as the carrier for something dangerous, like the Trojan horse of Greek lore. Pictures can carry code to cause damage to a system, to set up a ransomware request, or to\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/www.synertechcloud.com\/single-post\/cryptominer-trojan-hiding-within-an-image-file\" target=\"_blank\" rel=\"noopener noreferrer\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.synertechcloud.com\/single-post\/cryptominer-trojan-hiding-within-an-image-file&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"b2f60afba9c65ef74093115d1c3a98a7\">start mining crypto on a computer<\/a>. There are many different variations and possibilities, and of course new threats are being developed all the time. 
In fact, any file can be used as a\u00a0carrier\u2014videos and documents work as well as images.<\/p>\n<figure id=\"attachment_10964\" aria-describedby=\"caption-attachment-10964\" style=\"width: 965px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" class=\"size-full wp-image-10964\" src=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/a44b5101b8b128c614749ad66d5c2bcc.webp\" alt=\"\" width=\"965\" height=\"543\" srcset=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/a44b5101b8b128c614749ad66d5c2bcc.webp 965w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/a44b5101b8b128c614749ad66d5c2bcc-300x169.webp 300w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/a44b5101b8b128c614749ad66d5c2bcc-768x432.webp 768w\" sizes=\"(max-width: 965px) 100vw, 965px\" \/><figcaption id=\"caption-attachment-10964\" class=\"wp-caption-text\">Web browsers are well protected against this kind of threat\u2014but keep them updated. Screenshot: Google Chrome<\/figcaption><\/figure>\n<p class=\"sc-77igqf-0 bOfvBY\">One of the reasons these attacks work so well is that an image file seems a lot more innocent than an executable file. 
Even if you\u2019re unlikely to download and run an app you don\u2019t know anything about, you might be tempted to take a look at a picture someone has sent you\u2014especially if it\u2019s a majestic shot of deep space, as with the James Webb telescope example.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">As with other security threats, bad actors and security experts are in a constant battle to stay ahead: For instance, threat intelligence company Reversing Labs has\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/blog.reversinglabs.com\/blog\/malware-in-images\" target=\"_blank\" rel=\"noopener noreferrer\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/blog.reversinglabs.com\/blog\/malware-in-images&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"bb9068d631b580c011edd87440d11db6\">a great\u00a0blog post<\/a>\u00a0about how the EXIF data attached to an image (those details around when the photo was taken and which camera was used) can be compromised to execute code. There are plenty more examples out there.<\/p>\n<p>At this point,\u00a0you might be wondering if you should ever load an image in your web browser or email client again. 
The\u00a0setting to block this\u00a0is actually available in most browsers if you really want to be on the safe side\u2014in Chrome, for example, open\u00a0<strong>Settings<\/strong>\u00a0from the menu and then click\u00a0<strong>Privacy and security<\/strong>,\u00a0<strong>Site settings<\/strong>, and\u00a0<strong>Images<\/strong>.<\/p>\n<figure id=\"attachment_10965\" aria-describedby=\"caption-attachment-10965\" style=\"width: 965px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" class=\"size-full wp-image-10965\" src=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/62a058c1b3a4a73a77ad22f35738d397.webp\" alt=\"\" width=\"965\" height=\"543\" srcset=\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/62a058c1b3a4a73a77ad22f35738d397.webp 965w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/62a058c1b3a4a73a77ad22f35738d397-300x169.webp 300w, https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/10\/62a058c1b3a4a73a77ad22f35738d397-768x432.webp 768w\" sizes=\"(max-width: 965px) 100vw, 965px\" \/><figcaption id=\"caption-attachment-10965\" class=\"wp-caption-text\">Go ultra-secure and turn off images in your browser. Screenshot: Google Chrome<\/figcaption><\/figure>\n<p class=\"sc-77igqf-0 bOfvBY\">The good news is that your web browser will be actively looking for online threats and should shut down the majority of malware attacks that come through images before they can do any damage. 
Computer security is never 100 percent guaranteed, but you\u2019re most likely going to be fine if you carry on loading images as normal, thanks to the limits that browsers put on what websites are able to do\u2014just make sure that your browser is always\u00a0up to date.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">It\u2019s also worth bearing in mind that almost all the images you see on social media have been modified and compressed on their way to a data server, making it very difficult for a bad actor to hide code that\u2019s still fully preserved by the time the image makes it in front of anyone\u2019s eyeballs. Image-based malware isn\u2019t a particularly common threat, but it\u2019s still worth knowing about and protecting yourself from.<\/p>\n<p>All the same security rules apply to keep yourself safe from image-based attacks as for any other kind of threat. Make sure your programs are always running the very latest versions, be wary of opening anything that comes your way over email and social media (even if it appears to be from someone you trust), and for extra peace of mind,\u00a0get a\u00a0<a class=\"sc-1out364-0 hMndXN sc-145m8ut-0 kVnoAv js_link\" href=\"https:\/\/lifehacker.com\/use-these-antivirus-and-anti-malware-apps-instead-of-av-1841264690\" target=\"_blank\" rel=\"noopener\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/lifehacker.com\/use-these-antivirus-and-anti-malware-apps-instead-of-av-1841264690&quot;,{&quot;metric25&quot;:1}]]\" data-uri=\"6cdadaaa7a41a0606b05b9e9707d8e39\">third-party security software suite<\/a>\u00a0installed on your computer.<\/p>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/gizmodo.com\/malware-images-virus-photos-pictures-how-block-antiviru-1849572516\" target=\"_blank\" rel=\"noopener\"><em>https:\/\/gizmodo.com<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are many dangers to keep in mind when it comes to keeping your devices and data safe, 
including viruses, phishing attempts, wifi networks&hellip; <\/p>\n","protected":false},"author":1,"featured_media":10962,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/10961"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10961"}],"version-history":[{"count":1,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/10961\/revisions"}],"predecessor-version":[{"id":10966,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/10961\/revisions\/10966"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/10962"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}