Alert: Memes could have malware and take control of the device

Cybercriminals don't miss any opportunity to breach victims' computers

Memes are a form of expression that became a worldwide trend. Whether it is because of a serious event such as the earthquakes in Mexico, the release of a film such as Spider-Man and Batman, or practically anything else, they flood social networks, however, some of them could be contaminated with malware.

Malware is malicious code, also known as viruses or Trojans, that are installed on the victim's device to perform harmful actions to the computer system, some of its most common practices are stealing information and deleting files.

Because they can be extremely dangerous for users who innocently surf the Internet and open a meme, it is necessary to make known the vulnerability, which, according to ESET, was detected since 2017.

The cybersecurity company points out that year, a group of researchers found malware propagated from a Twitter account, whose malicious instructions were hidden in code that pretended to be a meme, that is, a Trojan.

(Photo: ESET)

But it wasn't just any Trojan, it was a remote access trojan (RAT) that tried to control the computer it infected. By downloading the file, it could silently infect a computer, taking screenshots or extracting other data from the affected system, which it sends to a specific address.

As they explain, this is a technique known as steganography, which hides messages that are sent without the affected user noticing what is happening.

“The meme was intended to be transmitted through steganography, a technique of encrypting messages that dates back thousands of years and which allows messages to be sent camouflaged inside an object or container, so that they go unnoticed.”

It should be noted that steganography is not malicious in itself, as it is used to send secret messages and avoid censorship, however, cybercriminals have seen it as an opportunity to distribute malware through it.

(Photo: ESET)

In this way, it was implanted in a Tweet that looked like a harmless meme, so that users were infected without realizing it, since the malware was hidden.

“It was never clear where the malware came from, how it initially infected its victims or who was behind it, what was known was that whoever downloaded that meme to resend, publish or save it, was in danger.”

As security researchers soon became aware of this attack, it was quickly exposed, causing the culprit account to be closed. Even so, it is unknown what the scope or consequences of such malware may be and when another similar attack will be repeated.

A person uses a laptop, in a stock photo. EFE/Sascha Steinbach

ESET specialists point out that it could have been “a pilot test to develop new and different types of malware that we are surely seeing now or in the future”.

Considering that malware and Trojans can only access computers if they are given permission, the recommendations are:

- Never open an email attachment or run a program if you are not sure that the source is 100% reliable.

- Keep applications and software always up to date to avoid vulnerabilities.

- Install a reliable antimalware solution to maximize your protection levels.

KEEP READING