Google Images is a great tool for finding pictures, logos, graphical information, and some digital inspiration.
Available for everyone, all you need to do is to type the relevant keywords and navigate through the search results to pick whichever you want.
Some user reports suggest some Google Images are plagued with drive-by download attacks, malware, and hidden executable code.
Therefore, you may be wondering if these claims have any merit and whether or not you have to stop using Google Images.
In this post, we’ll show you how scammers can use Google Images to pass viruses to your system, how likely you are to get infected, and how you can stay safe from them.
Can You Get A Virus From Google Images?
Whether a Google image can transmit viruses to your computer depends on how you use it.
When you type something and hit the search button, it’ll show you a list of image results, called thumbnails.
What you see in thumbnails aren’t original photos but a preview of them from the Google server.
Google has re-encoded these graphic files to represent a smaller version of the image.
Therefore, you won’t be at risk at this point since you’re dealing with Google rather than a malicious site.
Even if you download the preview by right-clicking on it, nothing will threaten you.
Things are different when you left-click on one of the thumbnails, however.
Once you do, the picture enlarges and appears in a black frame, with similar search results at the bottom.
Now, you’re retrieving the file directly from its host website, exposing your PC to all the associated risks of opening an unknown source.
The third possibility is when you click on the “visit page” or “view full image” options, which could also be unsafe since you’re again traveling through its main page.
If the website is being run by a cybercriminal or anyone trying to lure you into downloading something, you could get yourself into trouble.
How Likely Are You To Get A Virus From Google Images?
Some say it’s not very likely to get a virus from Google Images because Google checks the photos before archiving them.
If a website contains spyware or viruses, it’ll exclude its photos from the thumbnails, so you won’t even see them, let alone open them.
The problem is that Google only does the scanning once and doesn’t repeat the process while crawling or displaying the photos.
If the source alters the image after publishing it, it’ll remain on Google’s archive as a legitimate file.
Sometimes, even the website itself falls victim to scammers.
A third party may hack the website and inject a virus into its content.
This way, they can purport to be safe, thereby realizing their filthy intentions.
When you click on a hacked photo, it takes you to the wrong URL instead of the genuine image source, forcing you to download malware.
According to a HuffPost article on Google Image poisoning, about 5,000 hacked sites exist on the web, which may draw 500,000 daily viewers into attackers’ trap.
What makes the situation even worse is that these attackers know where to target.
They usually exploit the most popular content, such as celebrity images, the latest breaking news, and meme trends.
They also use specific scripts to scan top Google queries, update their content accordingly, and get a higher rank in Google images.
Contrary to what some people say, it’s more than probable to get a virus from opening a Google Image since it’s a large source of badware in the virtual world.
However, the claim is true only if you have a vulnerability in your system.
How Can An Image Carry Viruses?
Theoretically, an image can’t contain a virus since PNG, JPG, and WEBP files can only contain graphical data, not executable codes.
However, an advanced malware programmer can exploit different techniques to infect your PC through an image file.
Here are a few things they could do.
1. Link Submersion
Some fraudsters distribute their photos with a link inside, the very same ploy that spam and phishing emails use to get you to download something.
The only difference is that most of us know not to open a suspicious email, but we don’t take the same caution when it comes to Google search.
This tactic is mainly used by spammers trying to lure visitors, advertise their products, or run spyware on your system.
Because of that, they usually include free downloadable pictures to entice you.
Those who hack lawful websites also use this method.
2. Double File Extension
Another scheme is to name the files with a double extension.
In this method, the code writer crafts a file with a JPEG header and .exe or .vbs formats, so the file just pretends to be a picture.
Think of a file named beautiful.jpg.exe. While the name includes a jpg suffix, the main extension is .exe—an executable format, which can run malicious code on your computer.
As soon as you open the file, it’ll affect your operating system.
The worst part is that you may not even notice because it really displays a beautiful picture, and your system probably displays it as a valid JPEG file.
In the third method, a phony website conceals some kind of information within an ordinary image file.
Though the file seems innocuous, it can do more than display an image.
Steganography is among the smartest ploys by cyber-attackers because it’s virtually undetectable unless you run the image through a special program.
It involves hiding information in the least important bits of the bytes that make up your image.
Although the file contains extra information, you won’t notice it because the changes in the image aren’t significant, and your eyes can’t tell the difference.
Cybercriminals use this technique to pass badware to your system or communicate with existing malware.
Most of the time, the hidden data can’t execute anything by itself.
It’s a kind of static data that another program can process or interpret, such as your image viewer or existing malware.
Do You Have To Give Up On Google Images?
So far, we’ve shown you how some images on Google Images can be dangerous for your computer.
Should you stop using the platform?
The answer may vary depending on what photos you usually search for and why you need them.
If you need something to include in your blog posts, use for art projects, or commercial purposes, you’re better off buying images from reputable photography websites.
It not only protects you against copyright infringement but also against potential viruses.
More importantly, you’ll get better quality photos.
However, if you’re haphazardly exploring the net for information or need an image for personal use—e.g., as your desktop photo—Google Images is a better and cheaper solution.
Just make sure to take security precautions when doing so and give celebrity images—and their likes—a miss.
How To Avoid Virus-Holding Photos
Depending on what method the fraudster has used, you can use various protective measures to stay clear of infected Google images.
1. Update Your Web Browser
A secure and up-to-date web browser doesn’t automatically run links inserted in a photo without your permission.
It neither misdirects you to any untrusted website nor downloads anything without your permission.
Also, if any suspicious autorun link pops up, it sends you a warning notification.
Hence, a menacing website fails to deceive you, no matter if it’s through Google Images or any other vector.
2. Use The Latest Photo Viewer
Some internet imposters leverage zero-day exploits to infect your system.
It means they hold attacks on the same day they track a vulnerability in software, namely your photo viewer.
A new viewer with cutting-edge features guards you against these exploitations because it fixes a flaw before the spyware gets the chance to discover it.
3. Check Photos’ Origins
More often than not, the image you open doesn’t cause your virus problem, but the website hosting it does.
It’s best to check the website’s reliability before enlarging its photos.
It’s important to note, however, that a top-ranked website isn’t necessarily a reliable one.
Bad guys can always use SEO to get to the top of Google’s search results.
If you have any doubts about a site’s reliability, don’t risk viewing its content.
A web reputation service that offers ratings for different websites is a practical assistant.
4. Try NoScript
NoScript is a free browser extension for Google Chrome, Mozilla Firefox, and SeaMonkey.
This extension especially guards you against hacked websites, from which you don’t expect to receive malware.
5. Change Windows Settings
We learned some bad guys might leverage file naming conventions to keep the .exe or .vbs suffixes out of your sight.
You can change your OS settings so that it displays all the file extensions, not just the first one.
This way, you can uncover double file extension ploys.
Here’s what you should do:
- Search “Folder Options” through your windows search bar.
- Once opened, go to “View” and unmark the option, “Hide extensions for known file types.”
- Press “OK” to confirm the changes.
6. Turn On Windows Update
Most users tend to disable Windows auto-updates because the process takes too long, and they want to control when to do it.
Some may even refuse to update their system at all since they believe it’ll cause them more troubles than benefits.
Regular updating is a key measure to prevent zero-day exploits.
Although automatic updates can sometimes become annoying or interfere with your work, they do a good job protecting you.
Here’s how to activate it on PC:
- Go to “Settings” from the Start menu at the bottom left of the screen. (A cogwheel icon shows it.)
- Click on “Update & security” and go to “Advanced options” through the Windows Update tab.
- Open the drop-down menu that appears under “Choose how updates are installed.”
- Select “Automatic (recommended).”
7. Have An Antivirus
Having virus removal software can also come in handy when it comes to Google Images.
You need to make sure you’re using its most current version, adjust its settings to get updates in a daily manner, and activate its real-time scanning mode.
Search for software that serves as antivirus and anti-malware at the same time.
Malwarebytes is a respected antivirus provider that also shields you against zero-day exploit attackers.
Another important point is to avoid purchasing or downloading unknown antiviruses, especially if it appears like a pop-up ad on your screen.