Computers can now become infected by malware by viewing certain images, here's what we know

Updated
by Matthew Hillier

A new type of malicious software has been found in image files, according to researchers.

Computers can now become infected by malware by viewing certain images, here's what we know
© Olemedia - Getty Images
Computers can now become infected by malware by viewing certain images, here's what we know

New evidence has emerged that shows it may now be possible that your computer can become infected by malware simply by viewing PNG images. Researchers have found that the files can contain something called ‘threat actors’ that then deliver malicious payloads, as per Tech Radar.

Discover our latest podcast

Reports show that a prevalent cyber threat actor called Worok is active at the moment. So far, it has been mostly targeting high-profile victims like government organisations around the Middle East, Southeast Asia and South Africa.

What are PNG files?

PNG is an image format that launched in 1995. Originally called PING, it went on to be shortened to the name it has today. Adobe describes them:

PNG is short for Portable Network Graphic, a type of raster image file. It's a particularly popular file type with web designers because it can handle graphics with transparent or semi-transparent backgrounds. The file format isn’t patented, so you can open a PNG using any image editing software without the need for licensing.

PNG files are being targeted because they can be altered and used as executable data without affecting the integrity of the image. This also means that they are hard to detect with conventional malware scanning software, as per Hot Hardware.

thumbnail
New evidence found of malware infecting image files. Here’s what we know Witthaya Prasongsin - Getty Images

What it means for you

At this stage the level of the threat is still unknown but currently it is mainly restricted to powershell users - a task automation and configuration management program from Microsoft - which includes PCs with a Windows operating system.

However, it is an indication of how malware is innovating and evolving into something very difficult to detect. Advanced hacking techniques are increasingly sophisticated and pose a threat to everyone. Chuck Everette, director of cybersecurity advocacy at Deep Instinct said, as per SC Media:

These types of threats should be a major concern for everyone since although the Worok cyber criminal group targets victims in Asia and Africa this week, it does not mean they couldn't switch targets elsewhere — or have not already done so.

The best things companies can do, according to Crowdstrike, is:

  • Educate employees on cybersecurity to reduce human error.
  • Use multifactor identification and change passwords frequently to keep data safe.
  • Monitor employee activity to identify possible insider threats.
  • Install cybersecurity software to block malicious actors.

This advice is the same for individuals and, in addition, you can consider using a virtual private network (VPN) for an extra layer of protection.

Sources used:

- Tech Radar 'More malware is being hidden in PNG images, so watch out'

- Adobe 'PNG files'

- Hot Hardware 'How Hackers Are Poisoning PNG Images With Malware Payloads'

- SC Media 'Worok threat group observed using new tools, techniques in cyberattack'

- Crowdstrike 'THREAT ACTOR'

Cybersecurity: These 3 signs could indicate that your phone is infected with malware Cybersecurity: These 3 signs could indicate that your phone is infected with malware
Read more
More