With every passing day, more and more internet security exploits threaten users’ safety online. From viruses to compromised wifi networks, and phishing attempts to rogue USB drives, the threats seem endless. One lesser known threat, and one that may surprise you is compromised images.

Malware can be injected into digital photos that appear to be perfectly normal. Steganography – or the practice of hiding one file in another – is how this is accomplished, although it’s not always done with malicious intentions in mind. To accomplish hiding malware in an image, the threat takes advantage of the hidden data that come along with an image – or data that isn’t translated into pixels on your screen.

Most image formats can be used to attach malware to. Typically, the more popular the picture, the more likely it will be used by cyber criminals. Users are commonly exposed to the images by viewing them on websites or by them being embedded in documents.

Details of how the malicious threat is attached to the image will be different depending on the situation, but there are different ways that it can happen. It can be attached through individual bits of code, through the end of a file, or through changes in metadata associate with the image file.

In a recent attack, ObliqueRat malware was attached to a bitmap file that was being displayed in a browser tab. A Microsoft Office email attachment was used to direct victims to the image. A variety of other methods could be used to make this happen, but in the end as long as the image is loaded, the exploit will work.

No matter how it happens, the image stores the malicious malware. They can store code that sets up a ransomware request, or starts mining crypto of the victim’s machine. There are many different variations of how the malware can be attached to an image, and it doesn’t even stop there. Video files and documents work as well.

One reason attackers opt to use images as their method of attack is because they seem a lot less threatening than say, an executable file. You might pass on downloading a suspicious app you don’t have a lot of knowledge about, but if someone sends you an incredible photo of space, the thought that the photo might be a threat likely won’t even cross your mind.

You may be wondering if it’s safe to ever load an image in a web browser again. To be on the safe side, the setting in Chrome to turn images off can be found at Settings > Privacy and Security > Site Settings > Images. Once there, you would just click on “Don’t allow sites to show images”.

The good news is that web browsers are equipped to look for this type of online threat and should shut down malware attacks that might present itself in an image before they can do damage. Computer security is never 100 percent guaranteed, but as long as your browser is always up to date, you’re most likely going to be fine loading images normally.

You might be wondering - what about images on Social Media? Images on social media sites are modified and compressed so much on their way to the data server that it makes it incredibly hard for threat actors to hide malicious code in the images.

Also, for as convenient as it might seem for a cybercriminal to infect an image with malware, it’s still not a particularly common threat. It’s still worth being aware of this threat, however.

Ways to fight against the threat of malicious images is similar to any other security threat. You should always make sure you’re running the latest version of the software you’re using, be cautious of opening images from sources you don’t trust, and implement a third-party security software on your computer.

Story via Gizmodo