Internet memes offer good-natured entertainment through a witty combination of text, images and videos addressing mainstream culture and trending issues. Often considered harmless at face value, malicious code could lurk within these internet memes, spreading like a flu before anyone realizes the infection. 

Malicious memes, yet another threat vector

Memes can be easily distributed among groups and communities, disseminated quickly via social media handles, messaging apps and forums to a vast audience within minutes. Often perceived as innocuous and light-hearted content, internet memes make users less skeptical about sharing them or suspecting any ulterior motive. Their wide coverage and users' misplaced trust in these colorful memes have spurred interest among bad actors who weaponize them for malicious purposes like data and identity theft, or remote code execution.

Techniques used to exploit memes for cybercrime

Threat actors can exploit internet memes to launch cyberattacks in many ways including:

Personal data mining: By using harmless-looking memes, cybercriminals ask victims to volunteer information about themselves. For example, memes appear as Facebook posts asking questions like, “Which is your birthday month?” or “The street you grew up on.” These seemingly fun prompts often mimic account recovery security questions. In response, users unknowingly provide hackers with valuable data.

Social engineering attacks: By analyzing social media activities hackers gain insight into user preferences and routines. This personal data is used to customize social engineering scams to surprise victims and entice them to proceed with the next step in the scam.

Targeted phishing attacks: By analyzing the memes victims post, their public profiles, and their social network interactions, cyber attackers can exploit the emotional vulnerabilities of victims through highly tailored and contextually sensitive phishing emails.

Steganography: Attackers employ steganography to conceal malicious commands within the pixels of an image file, which are often encrypted or encoded to evade detection by security tools. When the meme is shared or downloaded, the concealed code is retrieved by malware already on the victim's device. This code can then carry out malicious operations, such as stealing information or hijacking the system.

Command and control (CnC) communication: In some cases, memes are used for communication with infected systems. Trend Micro security researchers discovered malware in some memes that could download malicious commands through hidden code. After being installed on a system, the malware carried out several functions, including capturing local screenshots, compiling a list of running processes, scanning for vulnerabilities, capturing clipboard copy, and sending files back to the attacker.

How to protect yourself from harmful memes

Data breaches, business disruption, loss of employee trust and productivity can occur as a result of malware-infused memes. Organizations can apply the following best practices to help employees make smarter security decisions: 

Train users: Awareness is the best defense. Train users and employees about the dangers posed by memes and other seemingly innocuous content. Regular simulated drills can enable employees to effectively identify and counter malicious memes and related attacks, as well as staying updated on the latest threat tactics.

Advanced AI-based security: Companies can detect concealed data in files to block steganography and other advanced threats by searching for unusual patterns in user and system activity that may indicate malicious activity. Machine learning-based AI security models can scan large volumes of data to identify anomalous patterns in user access and data access behaviors.   

Enforce user controls in social media: Companies can avoid system weaknesses, ensure data privacy, and protect users by establishing user controls to manage what staff members can see and publish on social media sites.

Confirming the source: Employees should be reminded to verify the source of any meme or content before opening links or downloading files. Avoid sharing memes from unfamiliar or untrusted accounts.

Internet memes are a popular medium of online communication. Cybercriminals are refining their methods to use malicious memes as a tool to bypass security controls by embedding dangerous code into image files. By training users on the various techniques employed by adversaries, generating awareness about the potential of memes to spread malware and installing advanced security measures, organizations can help curtail the threat posed by malicious memes.