Skip to Main Content

Cute .PNG images could let cybercriminals on your Android phone

Images, memes, and other picture related content is basically one of the things you love to look at on your smartphone, right? After all that’s what they are for! And think of all the cute cat images you were sent from your friends or all the vacation pics someone decided to share with you!

Well – if you own an Android phone things are not as safe as they should be: One look at an image and you phone might be compromised – at least when it’s a .PNG one.

The cute puppy .PNG could be a trap!

According to the latest Android Security Bulletin there is a vulnerability in the framework that could enable a remote attacker to use a specially crafted PNG file to execute arbitrary code within the context of a privileged process.

That means an attacker could basically take an image of a cute puppy, booby-trap it, send it to your phone either via SMS or any other messaging means and the, once you have clicked on it, infiltrate you phone with more and more malware.

Patch is out – but probably not for your phone yet

While Google a fix is out – hence the mention in the February 2019 Android Security Bulletin – it has only been released for Pixel smartphones so far. So what does that mean for you? Basically that it might take some time until your mobile sees a patch.

You can stay safe nonetheless:  Don’t click on .PNG images from unknown sources. Yes, it’s that easy.

This post is also available in: German

PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.