Have you ever thought of your images as potential vehicles to spread malware? Two months ago a security expert found malware hiding in the EXIF header of a JPG image. Using images to infect computers with malware isn’t new, but the novelty here is the way the malicious code was hidden.

Peter Gramantik, of Sucuri, discovered a new form of backdoor on a compromised site. A backdoor is a hidden method for bypassing normal access to a website’s code. Typically a backdoor hides its content behind encodings such as base64 or gzip. This time the code was placed in the EXIF headers of a JPEG image, and a small PHP loader used the exif_read_data function to read those headers and the preg_replace function to execute what it found there.

If this is not technical enough for you, read the details here.

Interestingly, the compromised image itself still loaded and displayed properly, making the malware’s presence and effects invisible. That’s called steganography.

Is this going to incite even more stripping of EXIF data (and most likely IPTC data with it)? It is certainly one possible solution to this security problem.

** UPDATE 11 Feb. 2014 **
The same security researcher has now found a malware injection attempt that reads JavaScript code stored in a hidden PNG file’s metadata to trigger iframe injections.
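As an added example (not code from this post, from Sucuri, or from the researcher), here is a defender-side scanner in Python that covers both findings above: it walks the metadata segments of a JPEG (the APPn and COM segments, where EXIF lives) and the text chunks of a PNG (tEXt, iTXt and zTXt) and flags indicator strings such as eval( or <script, without ever decoding or rendering the image. The indicator list, the sample images and the PLACEHOLDER values are constructed for this example; a real deployment would use its own signatures.

```python
import re
import struct
import zlib

# Indicators a defender might flag inside image metadata. Constructed list for this
# example; extend it with your own environment's signatures.
SUSPICIOUS_PATTERNS = [
    rb"<\?php",
    rb"\beval\s*\(",
    rb"base64_decode\s*\(",
    rb"preg_replace\s*\(",
    rb"<script",
    rb"<iframe",
]

JPEG_SOS, JPEG_COM = 0xDA, 0xFE
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def jpeg_metadata_segments(data: bytes):
    """Yield (label, payload) for every APPn/COM segment before the scan data starts."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == JPEG_SOS:          # entropy-coded image data follows; metadata is done
            return
        if 0xD0 <= marker <= 0xD9:      # RSTn / SOI / EOI carry no length field
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == JPEG_COM:
            yield f"JPEG APP/COM 0x{marker:02X}", payload
        pos += 2 + length


def png_text_chunks(data: bytes):
    """Yield (label, text payload) for tEXt/iTXt/zTXt chunks; zTXt is inflated first."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        if ctype in (b"tEXt", b"iTXt"):
            yield "PNG " + ctype.decode(), body
        elif ctype == b"zTXt":
            keyword, _, rest = body.partition(b"\x00")
            # rest[0] is the compression method (0 = zlib); the deflate stream follows it
            yield "PNG zTXt", keyword + b"\x00" + zlib.decompress(rest[1:])
        if ctype == b"IEND":
            return
        pos += 12 + length            # length + type + data + CRC


def scan_image_metadata(data: bytes):
    """Return a list of (where, matched text) for every indicator hit in the image's metadata."""
    segments = png_text_chunks(data) if data.startswith(PNG_SIGNATURE) else jpeg_metadata_segments(data)
    findings = []
    for where, payload in segments:
        for pattern in SUSPICIOUS_PATTERNS:
            for match in re.finditer(pattern, payload, re.IGNORECASE):
                findings.append((where, match.group(0).decode("ascii", "replace")))
    return findings


def _jpeg_segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


# Constructed samples: header structures only, no real image data behind them.
CLEAN_JPEG = (b"\xff\xd8"
              + _jpeg_segment(0xE1, b"Exif\x00\x00Make: ACME\x00Model: Snapshot 1")
              + _jpeg_segment(JPEG_SOS, b"\x01") + b"\xff\xd9")
SUSPECT_JPEG = (b"\xff\xd8"
                + _jpeg_segment(0xE1, b"Exif\x00\x00Make: ACME\x00Model: eval(base64_decode('PLACEHOLDER'));")
                + _jpeg_segment(JPEG_SOS, b"\x01") + b"\xff\xd9")
SUSPECT_PNG = (PNG_SIGNATURE
               + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
               + _png_chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"<script src='PLACEHOLDER'></script>"))
               + _png_chunk(b"IEND", b""))

if __name__ == "__main__":
    for name, sample in (("clean.jpg", CLEAN_JPEG), ("suspect.jpg", SUSPECT_JPEG), ("suspect.png", SUSPECT_PNG)):
        print(name, scan_image_metadata(sample) or "no indicators")
```

Run this over an upload directory as a complement to, not a replacement for, stripping metadata at upload time: the scanner only sees strings, so a payload encoded a second time will slip past a naive indicator list, whereas stripping removes the hiding place altogether. On the PHP side, note that the preg_replace /e modifier that made this technique work was deprecated in PHP 5.5 and removed in PHP 7.0, so keeping the runtime current removes the execution path even when the metadata gets through.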