Malware in Image

By Atul Periwal.

You might be thinking of how a wallpaper can be a medium of malware? There might be an error but no, a wallpaper on android phone can be used as a medium of malware to crash your android mobile phone.

The image above, which can be directly downloaded from Google images, causes certain android phones to crash.

What is malware?

Before I explain to you about wallpaper as a medium of malware, I will explain about malware first. So basically malware is a paragliding word for malware that includes viruses, Trojan, ransomware, keyloggers, spyware, adware, worms, and so on. The exact motive can differ depending on the specific malware. The mutual interest among all of them is that they are all created with the goal of d and destruction.

Malware Wallpaper: What is it?

A member of Twitter i.e. Ice universe issued a warning on Twitter which states, “Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it.”

When you download this image and set is as a wallpaper, an android phones tend to crash that make us to assume the maker of an image can have malicious intent. While some mobile phones after the crash can be rebooted and used in safe mode, some mobile phones can’t be recover. In such a scenario, it is natural to think that the picture has inserted some code that has caused the phone to crash.

To create this, the attacker has used the method called steganography. Using steganography, an attacker can insert malicious code in image and can send the image through different forms. Once the image is downloaded and opened, malicious code will automatically run on the device and perform its actions.

Malware Wallpaper: Causes

The investigation took place for this image and it was found that the image color changed when it was uploaded to Weibo. After the further investigation, they looked into the metadata of the image and discovered that Google Skia has a peculiar ICC colour profile-E3CADAB7BD3DE5E3436874D2A9DEE126. The investigation lead to the following:-

            Dimension: 1440 * 2560

            Colour space: RGB

            Colour profile: Google/Skia/ E3CADAB7BD3DE5E3436874D2A9DEE126

The colour profile for some Android devices tend to trip Google Skia’s graphics engine forcing them to reboot.

Technically while attempting to load the wallpaper with the embedded color profile, com.android.systemui.glwallpaper. ImageProcessHelper crashes from an ArrayIndexOutOfBoundsException.

When Android UI loads, the wallpaper loads which triggers another reboot. Due to that, the smartphone get stuck in a boot loop – which keep on rebooting when the wallpaper start loading.

Malware Wallpaper: Solutions

We can use a photo editor (like Photoshop) to remove the ICC color profile from the image and save the image without embedded color profile. It won’t trigger the malware, when we take a screenshot of the image and set it as a wallpaper. Another way is to use an EXIF software or app to remove the metadata from it which will also remove the colour profile. The only problem if we remove the colour profile is that it will make the image look less vivid.  

Conclusion

This wallpaper looks aesthetically beautiful but is it really important to download a wallpaper from an unknown sites or get it from a known or an unknown person? You might have a question as to what the problem is in transferring a picture from a known person. How would you know about the main source from where the wallpaper has been downloaded?

Don’t just get attracted to such wallpapers and download it from an unknown source. If you like to download it and set it as a wallpaper, download it from credible source like your phone company’s official Website/App. Please be safe and alert from the different methods that are used by attackers which causes harm to your digital systems as well as from Coronavirus that can harm your body system.