Cyber attackers are getting really creative and resourceful when it comes to infecting users and machines with Malwares. It’s as if regular hacking of websites and servers is not enough, these criminals are now targeting legit hosted websites and its images, and using them as a tool to exploit vulnerabilities while remaining undetected. What’s even worse is that the sites they are using are dominantly Google User Content sites. These are Google-hosted websites such as Blogger and Google+ including Google Search in general.
This relatively new and ingenious method of cyber attack is done by arming and inserting malicious codes into uploaded images on Google sites. This method is most convenient to hackers because images that are being uploaded are hardly scanned for any malwares. The embedded codes are set to automatically armed for deployment once they are uploaded. These codes are specifically injected within the online metadata (EXIF) of the images. This type of metadata is the ones generated by digital cameras to produce header information on JPEG and TIFF files. Hackers use the source code on the website and access the EXIF data from the images on that website. From there, malicious codes are injected and armed.
Not unless users or web admins check their website source code or image metadata, they wouldn’t know that there’s malicious content hiding in plain sight. In other words, anyone who downloads these infected images is at risk and their websites compromised. This in turn spreads across not just within Google hosted sites, but also outside. One noteworthy about this type of attack is that you can find it almost everywhere on the internet. Whether it’s a popular site, private or newly acquired, it all becomes vulnerable. That’s the reality of the world we are in. Threats are all around us – not just the ones we see, but the ones that are hiding from within.
All of this may sound scary but fret not, with bad comes the good. There are still ways we can protect ourselves and our businesses against these criminals. Simple ways like – not downloading images of unknown origins, easy to say I know but at least make sure that the image belongs to a very trustworthy site. Regularly performing a scan on our system for malicious threats and updating our browsers and software could also lessen the probability of an attack. Remember, it’s a big world out there so stay safe.