Hackers are hiding malware in PNG files - Here's what to watch for

More people are wising up to how malware is distributed, leading hackers to try different methods to infect your devices. Popular ways of compromising devices have been through malicious attachments such as Word documents or PDF files.

These files are easily manipulated to spread malware. But some hackers are changing tactics and using something less obvious to spread malicious code. They’re hiding malware in PNG files.

Read on to find out how they’re doing it and what to watch for.

Here’s the backstory

Microsoft Word and Excel files contain macro functionalities, which enable the creator or a contributor to run a small batch of code. It’s convenient when the document is attached to an external data source, inputting information as needed.

But some hackers are turning to something a bit more troublesome. Generally, Portable Network Graphics (PNG) is a file format with minimal compression and is similar to the better-known JPG format. A harmful image file, right? Wrong.

According to cybersecurity company Avast, hackers now use steganographic embedding to compromise PNG files and attack high-profile companies and government agencies.

Essentially, “steganographic embedding” is when malware is coded into an image file, and it’s tough for antivirus and anti-malware software to detect. Once a compromised file lands on a targeted device, it goes through several processes before extracting information.

However, the primary component of the malware is to open a backdoor to the compromised computer. Once created, hackers can run up to 10 commands, including uploading data to the machine through DropBox, downloading information into the hacker’s DropBox and deleting any files on the device. 

Avast explained that stealing data is the hacker’s ultimate goal. While the examples discovered have been targeting governments and high-profile companies, the technique can be used to target anyone, including you. That’s why you must be careful when dealing with seemingly harmless images.

What you can do about it

Researchers first encountered this malware in May last year and noted that most targets are government organizations across the Middle East, Southeast Asia and South Africa. With an updated version, hackers targeted energy companies in Central Asia and public sector entities in Southeast Asia.

Continue reading

Tech support' asking you to download an app to your computer? Here's a new reason to say no

Struggling with an application or website might prompt you to reach for the phone and call tech support. It’s not a bad idea, and that is why the helpful tech support is there. But it becomes dicey when you search for the number online.

Continue reading

This antivirus software is a danger to national security

Open/download audio

Kaspersky, a Moscow-based cybersecurity company, was just banned in the U.S. If you use its popular antivirus software, here’s why it’s time to ditch it.

You should remove Russian-based Kaspersky antivirus from your computer - Here's how

You must have antivirus software on your devices to protect against malware and phishing attacks. But there are now fears that the Kremlin could turn one of the most popular Russian antivirus programs into a tool of war. As Russian President Vladimir Putin continues the invasion of Ukraine, there are worrying signs that the battle could shift from ground troops to cyberattacks.

Continue reading

Malware exposes passwords saved in browsers - Check your data now

There are plenty of passwords we need to remember for online accounts, but too many people make the mistake of using the same one for multiple sites. If one site is breached, your other accounts are also at risk.

There are a few options to make remembering account credentials easier. One of the most convenient ways is using your browser’s ability to store them for you.

Continue reading

Using Craigslist to buy or sell? Beware of this security flaw

Craigslist has been a popular site over the years for people to buy and sell things and look for services. While its user base has steadily been dropping over the last few years, many people still use it. Tap or click here for the best app for finding someone to paint your house, clean up your lawn or take on a bigger renovation project.

Continue reading