Skip to Content
PNG images hiding malware
© Andrey Popov |
Security & privacy

Hackers are hiding malware in PNG files – Here’s what to watch for

More people are wising up to how malware is distributed, leading hackers to try different methods to infect your devices. Popular ways of compromising devices have been through malicious attachments such as Word documents or PDF files.

These files are easily manipulated to spread malware. But some hackers are changing tactics and using something less obvious to spread malicious code. They’re hiding malware in PNG files.

Read on to find out how they’re doing it and what to watch for.

Here’s the backstory

Microsoft Word and Excel files contain macro functionalities, which enable the creator or a contributor to run a small batch of code. It’s convenient when the document is attached to an external data source, inputting information as needed.

But some hackers are turning to something a bit more troublesome. Generally, Portable Network Graphics (PNG) is a file format with minimal compression and is similar to the better-known JPG format. A harmful image file, right? Wrong.

According to cybersecurity company Avast, hackers now use steganographic embedding to compromise PNG files and attack high-profile companies and government agencies.

Essentially, “steganographic embedding” is when malware is coded into an image file, and it’s tough for antivirus and anti-malware software to detect. Once a compromised file lands on a targeted device, it goes through several processes before extracting information.

However, the primary component of the malware is to open a backdoor to the compromised computer. Once created, hackers can run up to 10 commands, including uploading data to the machine through DropBox, downloading information into the hacker’s DropBox and deleting any files on the device. 

Avast explained that stealing data is the hacker’s ultimate goal. While the examples discovered have been targeting governments and high-profile companies, the technique can be used to target anyone, including you. That’s why you must be careful when dealing with seemingly harmless images.

What you can do about it

Researchers first encountered this malware in May last year and noted that most targets are government organizations across the Middle East, Southeast Asia and South Africa. With an updated version, hackers targeted energy companies in Central Asia and public sector entities in Southeast Asia.

As we said, cybercriminals can target you with this technique at any moment. There are a few things that you can do to stay safe. Here are a few suggestions.

First, if you receive a text message or email with an image or attachment from an unknown sender, don’t click on it. It could be malicious and infect your device with malware. It’s best to delete the message and block the sender if you don’t know them.

Next, ensure that your operating system and apps are updated. Having the most recent versions of your programs means you have the latest security patches to help protect against cybersecurity threats.

Finally, have trusted antivirus software on all of your devices. This will help protect against malware and other cybersecurity threats. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Check your phone! Malware apps with millions of downloads spotted

Hundreds of national and local news sites hacked to push malware

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days