Remember the good ol’ days, when all that we had to worry about was beingness phished via our ain electronic mail inboxes? It’s a dangerous new earth—malware lurks unseen everywhere, and fifty-fifty something equally simple as opening upward the incorrect image online might be enough to put yous and your device at risk.



Just how can malware hide in image metadata? How can you avoid beingness targeted past scammers?

Reports of Trojan profile pictures on Slack, Discord, WooCommerce, and Steam have been cropping up, all bearing dangerous hidden code; the epitome acts as a vessel, conveying the malware without necessarily being “infected” itself.

These attacks are able to reach victims through a number of supposedly secure channels, all through metadata.

Cybercriminals are able to catch a ride on something similar a user’southward profile movie, slipping past authorities covertly. This is really hard to discover without excavation into every single image uploaded to a given server.

Malware in Images: How Is That Fifty-fifty Possible?


Images online may sometimes harbor dangerous malware. Information technology’south not always like shooting fish in a barrel to choice up, even with EXIF analyzation software such as Jeffrey’south Prototype Metadata Viewer. You need to know what y’all’re looking for, and the average user doesn’t always have the background or the know-how.

In 1 case from GDATA, a JPEG meme is shown exhibiting a “bad length” for its ICC contour subsequently being examined with an EXIF tool. Ordinarily, this is where the output standard for the paradigm would be plant. Information technology’s been replaced by encrypted JavaScript malware.

Afterward making information technology to you through ane of the websites mentioned previously, this on-board malware requires something on your turf in order to extract itself. If yous’re beingness targeted, this downloader may come up to yous in the grade of an electronic mail attachment or through a malicious spider web app.

The photographers out there are probably thinking: who fifty-fifty comes upwardly with this stuff? All’s fair in beloved, war, and hacking.


An unlocked padlock on top of a bunch of disembodied keyboard keys.

The obvious answer would be to avoid using whatever of the platforms where these types of attacks appear to be common. What else can you exercise to stay on the safety side?

1. Never Download Anything Suspicious

Don’t download anything you lot’re not sure nigh. This is doubly true if the person who sent it isn’t somebody that you know.

In theory, you’re safe as long as you never copy over any of the execution software that goes along with these images to your figurer.

2. Scrutinize the Unfamiliar

We’re non saying that you shouldn’t consider an app or site that yous’ve never used before. All that we’re saying is that if something feels incorrect, you should trust your gut.

Endeavour to stay away from websites that look shoddy, slapdash, or superficial, and avoid any forms, popular-ups, or downloads therein if you do detect yourself somewhere seedy.

3. Avert Inputting Personal Information on Your Devices

If a device tin log a keystroke, everything that y’all practice becomes data that others can collect. Your credit card numbers, your Pivot number, your social security number, and all of your usernames and passwords are off-white game, every single fourth dimension y’all blazon them out.


This trouble, naturally, can exist difficult to avert—you demand to scan your devices with a security suite to make sure you’re non infected, and use ii-factor authentication whenever you can.

4. Invest in the Correct Antivirus Software

When in doubt, information technology never hurts to enlist some assist from the pros. Many companies offer software packages that’ll scan each download, cheque your computer regularly for malware, and fifty-fifty stop you from visiting sites that announced to exist less that reputable from the back-end. Some antiviruses are even free!

The ingenuity of this tactic, admittedly, is inspired. In many cases, you won’t even know that it’s happening to you lot until it’south already too belatedly.

You’ll demand to go along your eyes and ears open up, especially when inviting a new brand or service into your inner circle. It’s always better to be safe than sorry.


5 Cybersecurity Myths That Make You More than Vulnerable to Attacks

Read Side by side