Are Chinese hackers embedding ‘phishing codes’ in images? Fact Check

ByCraig Haley

A warning is spreading claiming that hackers in China have designed pictures or movies that hide “phishing codes” and receiving one will result in hackers being able to steal information from the recipient’s device.

FALSE

An example of the warning can be seen below.

Morning Wishes/Messages.
Please read this warning coming from China from the Shanghai International News today it sent an SOS to all subscribers (this is the third reminder) that experts advise & recommend: Please don’t send Good morning, good night, or any funny festivals greetings such as pictures & movies etc..The reports state that hackers in China have designed the pictures, movies so perfectly for hiding phishing codes within them, when everybody forwards and sends those, they will go and steal personal information from your device. It is reported that more than 500,000 fraud victims have already been scammed. If you would like to greet one another, type your own message to protect yourself, as well as protecting your family and friends.
(Very important). Delete all previously and later greeting designs, pictures for your own safety, and that of friends to avoid hackers phishing. THEY CONTAIN EMBEDDED “GIFs” PROGRAMS that steal your personal data, Credit Card numbers and Pin’s. Greet each other by typing own words or use completely self made picture, videos. Self created material is completely safe.

The warning, which has been circulating social media since 2017, isn’t accurate. The grammatical nightmare of a warning, which uses vague, confusing terms like “phishing codes”, appears to be describing a threat whereas hackers could send malware-laced images or videos that – when opened – could infect a victim’s computer with malware or be used to steal personal information from a victim.

However, no such widespread threat matching such a description exists.

Another predominant issue with the warning – even if we overlook the confused pseudo-jargon, brazen grammar errors and lack of any known matching threat – is that it is simply too vague. The warning does not include pertinent details such as what websites or mobile apps are affected, or which platforms are being used to allegedly proliferate such malware-laced media, or how the attack works from a technical perspective.


Sponsored Content. Continued below...




Looking back through history, there have been a handful of attacks that have vaguely resembled the warning, though all are now no longer current issues.

For example, a limited threat briefly affected users of WhatsApp Web in March 2017, whereas crooks could send images laced with code to WhatsApp users that could redirect to potentially malicious websites, but this was limited to those who used WhatsApp on an Internet browser, and didn’t affect the bulk of users who used the WhatsApp mobile app. The vulnerability was fixed soon after it was initially reported and there had been no reports of the vulnerability being exploited.

Going back even further, to the 1990s, various now-long-out-dated security flaws in early versions of Windows would allow crooks to embed nasty code in JPG or GIF images. But needless to say, these archaic flaws have long been fixed.


Sponsored Content. Continued below...




As such, there are no matching threats. The claim in the viral warning that 500,000 fraud victims have “already been identified” seems to have been conjured from thin air, and has accompanied the hoax warning since it first surfaced in 2017.

Since the warning appears to be entirely fiction, we rank it false and do not recommend sharing it with your friends as it will not be helpful and likely only serve to confuse most readers.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)