In recent years, cyber-attacks against individuals, businesses, and organizations have increased. Cyber criminals are always looking for effective vectors to deliver malware to victims in order to launch an attack. Images are used on a daily basis by millions of people around the world, and most users consider images to be safe for use; however, some types of images can contain a malicious payload and perform harmful actions. JPEG is the most popular image format, primarily due to its lossy compression. It is used by almost everyone, from individuals to large organizations, and can be found on almost every device (on digital cameras and smartphones, websites, social media, etc.). Because of their harmless reputation, massive use, and high potential for misuse, JPEG images are used by cyber criminals as an attack vector. While machine learning methods have been shown to be effective at detecting known and unknown malware in various domains, to the best of our knowledge, machine learning methods have not been used specifically for the detection of malicious JPEG images. In this paper, we present MalJPEG, the first machine learning-based solution tailored specifically to the efficient detection of unknown malicious JPEG images. MalJPEG statically extracts 10 simple yet discriminative features from the JPEG file structure and leverages them with a machine learning classifier, in order to discriminate between benign and malicious JPEG images. We evaluated MalJPEG extensively on a real-world representative collection of 156,818 images which contains 155,013 (98.85%) benign and 1,805 (1.15%) malicious images. The results show that MalJPEG, when used with the LightGBM classifier, demonstrates the highest detection capabilities, with an area under the receiver operating characteristic curve (AUC) of 0.997, true positive rate (TPR) of 0.951, and a very low false positive rate (FPR) of 0.004.

INDEX TERMS JPEG, image, malware, detection, machine learning, features.

The associate editor coordinating the review of this manuscript and approving it for publication was Inês Domingues.

I. INTRODUCTION

Cyber attacks targeting individuals, businesses, and organizations have increased in recent years. Infosecurity Magazine declared that cyber attacks doubled in 2017 (https://www.infosecurity-magazine.com/news/cyberattacks-doubled-in-2017/). Cyber attacks usually include harmful activities such as stealing confidential information, spying, or monitoring, and cause harm (sometimes significant) to the victim. Attackers may be motivated by ideology, criminal intent, a desire for publicity, etc. Attackers are constantly searching for new and effective ways to launch attacks and deliver a malicious payload to victims. Files sent via the Internet have often served as a means of accomplishing this. Since executable files (i.e., *.exe) are known to be dangerous, attackers are increasingly using non-executable files (e.g., *.pdf, *.docx, etc.) which are mistakenly considered to be safe for use by most users. Some non-executable files allow...
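The abstract describes static extraction of features from the JPEG file structure. The sketch below is an added example, not code from the paper: it walks the marker segments of a file without decoding the image and returns a small structural feature vector of the kind a classifier could consume. The feature names are illustrative assumptions, since this section does not list MalJPEG's 10 features, and the sample bytes are constructed.

```python
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # markers without a length field
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))           # stuffing, fill, RSTn in scan data

def walk_segments(data):
    """Yield (marker, payload_size, offset) per segment, stopping after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI")
    pos, marker = 0, None
    while marker != 0xD9 and pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"no marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                     # fill byte preceding a marker
            pos += 1
        elif marker in STANDALONE:
            yield marker, 0, pos
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError(f"bad segment length at offset {pos}")
            yield marker, length - 2, pos
            pos += 2 + length
            if marker == 0xDA:                 # SOS: skip entropy-coded data
                while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                    pos += 1

def extract_features(data):
    """Illustrative structural features (assumed names, not the paper's feature set)."""
    f = {"file_size": len(data), "markers": 0, "app_segments": 0, "com_segments": 0,
         "max_segment_size": 0, "has_eoi": False, "bytes_after_eoi": 0, "well_formed": True}
    try:
        for marker, size, off in walk_segments(data):
            f["markers"] += 1
            f["app_segments"] += 0xE0 <= marker <= 0xEF   # APP0..APP15
            f["com_segments"] += marker == 0xFE           # comment segment
            f["max_segment_size"] = max(f["max_segment_size"], size)
            if marker == 0xD9:                 # bytes after EOI are never rendered
                f["has_eoi"], f["bytes_after_eoi"] = True, len(data) - off - 2
    except ValueError:
        f["well_formed"] = False               # keep the partial counts gathered so far
    return f

# Constructed marker skeleton (not a decodable image): SOI, APP0, COM, SOS + scan data, EOI.
SAMPLE = (b"\xff\xd8" b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          b"\xff\xfe\x00\x14constructed sample"
          b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
```

Calling `extract_features` on each file in a labelled corpus yields one row per image; a malformed or truncated file still produces a row, with `well_formed` set to `False`.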