Highlighted
Active Level 4
 A brand new “malware” for Android just appeared! This time, it’s in the form of an image. Yea, it’s a seemingly nice view of the lake with an island in the middle. However, once you set this image as your background, you’ll be crying.

A quick update – we made a video version summarizing the entire saga on how and why this happened. We know all the answers now.


image


This message was first brought up by Ice Universe, and he quickly said that it only happens on Samsung phones. Throughout my personal tests, it happened to a new Samsung mid-range smartphone but not the Galaxy Note8.

After using this image as a wallpaper, it prevents the phone from entering into the lock screen. Then, the phone enters a bootloop as fail-safe mechanism, which just repeats the whole bootloop a few more times. Eventually, it’ll enter the recovery menu.

If you eventually end up in safe mode and manage to change the wallpaper away, then you’re safe. Else, safe mode isn’t going to help you out on anything. The only thing that can be done now is factory reset your phone. Yes, all data will be wiped away – but at least the phone works after that.

We have asked around what’s going on while we’re doing investigations on our own. From what we know, this image is embedded with some specific codes to cause this issue. Opening up the image using a hex editor showed that it does have metadata stating “Google Inc. 2016” and “Google Skia”.

Currently, this exploit happened on Android 10 devices regardless of brand.

Keep checking back as we’ll be updating this page when more information comes out.

UPDATE: The image’s color changes when it is used as a wallpaper and after few reboots

When I first saw the image, the colors were very vivid. Then after setting it as the wallpaper (which you should not do), then the image turned dimmer – especially the sky and clouds.

We’re still unsure why this is happening, but downloading the image from social media seems to be fine since the compression on Facebook and Twitter is horrendous, thus saving us from this “malware image”.

UPDATE: The image works via metadata

It seems like we have discovered the cause of this issue. Ice Universe is right – the whole issue comes its color gamut. From what we discovered, the whole thing works because of its metadata.

We used a simple image metadata stripper and removed 8078 bytes of data.


image


After that, we viewed the image with its metadata stripped – and here is the comparison between the two images. That 8078 bytes of removed data caused the colors of the image to shift by a lot!


image


The full dynamic range of the picture (hence the bright colors of the original image) can only be viewed with certain apps. Even on Windows PC, the default Windows 10 Photos app is unable to display the bright colors. In Photoshop, it can.

It seems like we have the answer to how it is happening – but why is it happening? 🤔

FINAL UPDATE: We found out the issue

After talking with a few industry experts and looking at the recovery log, we are finally able to determine the cause of this bootloop. From the looks of it, it created and >
We took the original image and looked at the ICC profile (color profile) and found out that this wallpaper is using the Google Skia color profile. I’m not sure why an image with Google Skia’s color profile isn’t functioning properly with Google’s own mobile OS.


image


Either way, removing the ICC profile means degradation of the overall colors, but it does prevent the whole bootloop from happening.

This is the Original image wallpaper. (Do not use)

image
This is the link :

  • Link hasbeen removed for user safety...

It can ruin your device...

Better to inform #Samsung

Webpage link :

content://com.sec.android.app.sbrowser/readinglist/0601125404.mhtml
6 Comments
Highlighted
Beginner Level 4

Don't you know the human nature. Why are you providing the link to download the image?

Reply
Loading...
Highlighted
Active Level 8
yes bro please remove this link from thread...otherwise i will report you. it's request because of safty otherwise some **bleep**'s want to try that how it's works or not and then his/her devices go into bootloop.
Reply
Loading...
Active Level 4
ok . sure. i am removing the link guys. N Thanks
Reply
Loading...
Highlighted
Active Level 8
thanks bro👍😍
Reply
Loading...
Highlighted
Active Level 4
u welcome
Reply
Loading...
Highlighted
Beginner Level 4
Thanks bro
Reply
Loading...