Malware can reach your machine through tampered images served from any website. The malicious code is stored in the image's Exchangeable Image File Format (EXIF) data. Instances have recently occurred in which hackers hide malware in images and upload them to Google's official CDN (Content Delivery Network), googleusercontent.com.
How is malware embedded in an image?
EXIF headers are generated automatically by the camera to store camera information inside JPEG and TIFF files. Hackers abuse this EXIF metadata to inject malicious code into the image, which still displays normally. Hackers often use this filthy trick to plant such code in a website's existing images.
With this trick, malicious code sits on the website in plain sight without anyone knowing about it. “Unless you decide to check their metadata and know how to decode them in each particular case, you’ll have absolutely no idea about their malicious payload,” the Sucuri researchers said. “It’s hard to say where the images originate from, as their URLs are anonymized and have the same format.”
In this way hackers have started using Google as a free alternative for hosting their malicious code. It's far more challenging to detect malware in an image file than in a text file, because image files can hide it in much more sophisticated ways. An image will look perfect unless we decide to scan its metadata for a malicious payload. It is also hard for Google to detect such images on googleusercontent, because the image origins are difficult to trace.
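Checking the metadata, as the Sucuri researchers suggest, can be automated. The following scanner is an added example, not code from the original post or from Sucuri: it walks the JPEG marker segments, pulls out the APP1/EXIF and COM (comment) payloads, and flags text that looks like script rather than camera data. The signature list and the sample image bytes are constructed for illustration.

```python
import re
import struct

# Constructed signature list: text that has no business in camera metadata.
# A real scanner would carry a broader, tuned list.
SUSPICIOUS = [re.compile(p, re.I) for p in
              (rb"<\?php", rb"eval\s*\(", rb"base64_decode", rb"<script")]

def iter_segments(data: bytes):
    """Yield (marker, payload) for each JPEG header segment before image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):   # SOS (scan data) or EOI: headers are over
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes itself
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_jpeg_metadata(data: bytes):
    """Return (segment, pattern) findings from EXIF (APP1) and COM segments."""
    findings = []
    for marker, payload in iter_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            name, body = "EXIF", payload[6:]      # skip the "Exif\0\0" header
        elif marker == 0xFE:
            name, body = "COM", payload
        else:
            continue
        for pat in SUSPICIOUS:
            if pat.search(body):
                findings.append((name, pat.pattern.decode()))
    return findings

def build_sample(exif_text: bytes) -> bytes:
    """Constructed input: SOI + one APP1 Exif segment carrying exif_text + EOI."""
    payload = b"Exif\x00\x00" + exif_text
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2)
            + payload + b"\xff\xd9")

if __name__ == "__main__":
    tiff_header = b"II*\x00\x08\x00\x00\x00\x00\x00"   # minimal little-endian TIFF
    print(scan_jpeg_metadata(build_sample(tiff_header)))
    print(scan_jpeg_metadata(build_sample(tiff_header + b"<?php /* constructed */ ?>")))
```

Run it over the images in a web root (or over uploads as they arrive) and treat any finding as a file to quarantine and inspect by hand.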
How to avoid it?
- Use reliable and trustworthy third-party software.
- Deploy a good firewall in your network.
- Keep monitoring everything that is downloaded onto your servers.
- Always use strong passwords.
It is always best to stay on high alert while in business rather than regret it later, so it is a best practice to check your network for vulnerabilities every once in a while.