Today, I discovered a surprising trick used by hackers to target media professionals and media organisations.
I saw an interesting piece of information about the Labour Party Vice Presidential Candidate, Ahmed Datti, in someone's Facebook post.
I wanted to copy and publish it on my timeline, but unfortunately, the post did not come with a picture of Ahmed Datti. So, I decided to search for his picture on Google and add it to my post to make it more appealing for my network and friends to read.
Using Google Images, I saw quite a number of his pictures and I chose the one I deemed to be of better quality.
All these actions took place on my laptop computer.
Just as I clicked to download the picture, my antivirus software popped up with a notice that it had blocked a particular script from running in my web browser and that it had also stopped a certain file from being downloaded alongside the picture onto my computer. I took time to analyse the reported file and the accompanying script, and I found that it has the ability to escalate system account privileges and assume Admin-level rights on my system, which would translate to having full control of my computer and other associated computers if on a corporate network.
To explain why I am bringing this to your attention: it is pertinent to enlighten media professionals, media organisations and media freelancers about the potential cyber threats posed by hackers who use backdoor mechanisms to infiltrate your system.
How Hackers Deliver their Malware into your Device:
Often, media houses rely on Google searches to source pictures of events, people and places, to add "colour" to their reports. Cognizant of this, hackers deliver their malicious payload using images of much-talked-about people, events and places.
The moment you download the picture onto a device that lacks licensed antivirus software with the latest virus signatures, a malicious script is downloaded and automatically executed in the device's browser.
The script can do a lot of things, including stealing your stored login credentials for your social media accounts, your banking login credentials, and other vital information stored on your device.
1. Ensure you have licensed antivirus software installed on your device.
2. Ensure the virus signature database of the antivirus software is regularly updated to enable it to detect zero-day vulnerabilities (the latest hacking methods or loopholes).
3. Enable real-time protection in the antivirus software settings.
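One way to verify items 2 and 3 on a Windows laptop is shown below. It is an added example, not part of the original post, and it assumes Microsoft Defender is the active antivirus; the function name `Test-AvChecklist` and the three-day signature age threshold are choices made for this example.

```powershell
# Added example: audits Microsoft Defender against the three-item checklist above.
# Assumption: Windows with Microsoft Defender as the active antivirus product.
# Test-AvChecklist and $MaxSignatureAgeDays are hypothetical names for this example.
function Test-AvChecklist {
    param([int]$MaxSignatureAgeDays = 3)

    $findings = @()
    try {
        # Fails when the Defender service is not running, e.g. when a
        # third-party antivirus product has taken over protection.
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        $findings += 'Microsoft Defender is not active; check your third-party antivirus console instead.'
        return [pscustomobject]@{ Compliant = $false; Findings = $findings }
    }

    if (-not $status.AntivirusEnabled) {
        $findings += 'Item 1: the antivirus engine is not enabled.'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Item 2: signatures are $($status.AntivirusSignatureAge) days old " +
                     "(last updated $($status.AntivirusSignatureLastUpdated))."
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += 'Item 3: real-time protection is switched off.'
    }
    # IOAV is the component that scans files as they are downloaded,
    # which is the point where the download described in this post was stopped.
    if (-not $status.IoavProtectionEnabled) {
        $findings += 'Scanning of downloaded files and attachments is switched off.'
    }

    [pscustomobject]@{
        Compliant        = ($findings.Count -eq 0)
        SignatureVersion = $status.AntivirusSignatureVersion
        Findings         = $findings
    }
}

$result = Test-AvChecklist
if ($result.Compliant) {
    "All checks passed (signature version $($result.SignatureVersion))."
} else {
    $result.Findings
}
```

If item 2 is flagged, running `Update-MpSignature` from an elevated PowerShell prompt pulls the latest definitions.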
This is an effort aimed at a safe internet.
Be guided accordingly.