Beware Of Free Illustrations: Malware Can Be Hidden In Images
You’re designing a new landing page for a client. Like always, you go to a royalty-free image site to download a few pictures to add them to your design. A few minutes later, you receive an email that somebody tried to change your password. You’ve been hacked. But how?
Hackers can now hide malware in images. Cybercriminals love places where loads of people download files. Combining the two and uploading corrupted images is like hitting the jackpot. Eventually, they’ll strike an unsuspecting victim and steal their emails, passwords, and cryptocurrency wallets.
How can you hide malware in an image?
It makes sense if you download pirated software to get a virus on your device. You’re installing something, and the malware latches on your device because it’s a pirated file. But an image?
It all boils down to a practice called stenography. Hackers hide secret code in images, videos, audio, and application files.
Here’s an example of how it works. Let’s say you’re in school and want to tell your crush you like them. It takes a lot of confidence, and you decide to do something different and special. You write a note with invisible ink. When you give it, you tell your crush that they need to put it on a warm iron or above a candle to see the message. As soon as they do so, the message appears.
Sure, now kids use disappearing messages on chat apps. But we all have to admit that invisible ink is pretty cool too.
Just like invisible ink, hackers can put invisible code in pictures. The average image has a pixel content of a few megabytes. Hackers meddle with the pixels to add malicious code. They change the value of some colors, and the human eye can’t distinguish the difference. And antivirus programs would take a lot of time if they were to scan every image. It’s a gamble because the photo may or may not have malicious code.
How can you detect a harmful image?
Because the visual appearance doesn’t change, it’s super hard to notice the changes. The modifications are minor, and stenography is easy to implement.
Antivirus programs don’t have the necessary protection from these attacks. But here are some ways to notice whether somebody tampered with an image.
If a picture is suspiciously large, it might be because of hidden information. Color differences fall into the same category. If you’re comparing two images, and one seems different than what you’re used to, it could have malware. Finally, duplicate colors could suggest a stenography attack too.
Are there any examples of successful image hacks?
Yes. LokiBot is an infamous malware that steals credentials like passwords, usernames, and crypto. It hides a Trojan virus in an executable and a JPG file, which are installed together. When you open the image, the executable data unlocks and monitors your device.
Apart from LokiBot, there’s Duqu, who was the first successful stenography cyberattack. Other notable examples include the Zeus banking Trojan, the Lurk ransomware, Stegano,
Stegoloader/Gatak, and the Sundown Exploit Kit. After the pandemic, there was a 600% rise in these types of attacks, and hackers show no signs of slowing down.
How can you protect your devices?
As a designer, your biggest fear is somebody blatantly stealing your designs or plagiarizing. But stenography should be high up on the fear list, too, especially if you’re constantly downloading images.
To protect yourself, you first need to pay attention to images before you download them. Make a screenshot and open it in your editing software to look for subtle differences. This will definitely take up more time, but it’s better to be safe than sorry.
Monitor your outgoing traffic, and only install applications with trusted signatures. Ensure you’ve got anti-malware software and update every new patch.
A piece of good news comes from the world of AI. Behavioral artificial intelligence can detect malware from files, images, and executables. Of course, AI is a new technology, and getting a VPN for ChatGPT, MidJourney, and other similar apps you use is a must. There are privacy issues with using them, and it’s better to mask your IP than let it drip into the open net.
Are there any other dangers online?
An antivirus and VPN will protect you from pretty much every danger you can experience online, apart from phishing attacks.
Phishing attacks are carefully curated and socially engineered to target individuals. Hackers do their research and send you messages or emails that seem urgent, but they’re scams in disguise.
You might get an email that somebody tried to log into your freelance account and tried to reset your password or change your payment option. Immediately, you’d jump at the message and click to create a new password or to confirm your credit card details.
That’s exactly what a hacker wants. Hackers can create mirror websites of official companies and target specific demographics like designers, freelancers, and programmers.
A few final words
Cybersecurity is not a given right in the online world. You have to actively work for it. Criminals are constantly thinking of new ways to steal your money or your data. We have to be one step ahead of them.
Being careful and treating every file you download as a potential threat is time-consuming. But it works to protect your devices. Never download files from untrusted sites; don’t insert your sensitive information into websites opened from email clicks.
Bogdan Sandu, a seasoned designer with 15 years of diverse experience, has been designing websites since 2008.
Renowned for his expertise in logo design and visual branding, Bogdan has developed a multitude of logos for various clients.
His skills extend to creating posters, vector illustrations, business cards, and brochures. Additionally, Bogdan's UI kits were featured on marketplaces like Visual Hierarchy and UI8.
Renowned for his expertise in logo design and visual branding, Bogdan has developed a multitude of logos for various clients.
His skills extend to creating posters, vector illustrations, business cards, and brochures. Additionally, Bogdan's UI kits were featured on marketplaces like Visual Hierarchy and UI8.
Latest posts by Bogdan Sandu (see all)
- The Peroni Logo History, Colors, Font, And Meaning - 21 May 2024
- Enhancing User Experience: Top Address Autocomplete APIs - 21 May 2024
- Crisp White Color Palettes for Clean Designs - 21 May 2024
