Steganography: learn how to identify malware hiding in photos

The network is filled with a wide variety of digital scams, some of which are gaining more importance from time to time. In this context, one of the issues that is subject to increasing debate is steganography.

Never heard of the app? So keep reading, in the next few lines we will explain what steganography is, how it happens, and tips to avoid falling victim.

What is Steganography?

The practice of steganography is often confused with encryption, as both techniques aim to protect the confidentiality of information. But we are talking about completely different things.

In cryptography, information is visible but understandable. In other words, it is known that it exists, but it is only possible to access the information with the decryption key.

Steganography allows: hide code in the least important parts of an image, changing information in specific pixels. This makes changes almost unnoticeable, especially in the PNG format, due to the wide encoding possibilities.

“The information hidden in the files is limited to the size of the visible file, which allows it to go unnoticed. Several cases have been identified where images were used in one way or another to distribute malicious code”, commented Camilo Gutiérrez. Amaya is head of ESET’s laboratory research project in Latin America.

“So the image of a cute kitten could serve as a cloaking method for other files containing malware or downloading malicious apps to Android,” the expert continued.

How does steganography work?

Although commonly used with images, there are other techniques for performing steganography. Some of the most common are:

Audio Steganography

It is similar to image steganography but applied to audio files. In this case, minor changes are made to the audio data to include confidential information.

Steganography in text

Here the information is hidden in the normal text. This can be done for example: using special characters or leaving spaces between words to represent bits of information.

Network steganography

This technique involves hiding data in network traffic. For example, a file may be split into small packets and spread over multiple regular data packets, making confidential information difficult to detect.

Steganography in compressed files

Compressed files such as ZIP or RAR may contain confidential data. By doing this, data can be added to unused parts of the file or metadata.

How is steganography defined?

If an image file is modified with malicious code, it will most likely become corrupted, not comply with formatting standards, and not be displayed correctly. These are the first warning signs that we should pay attention to and distrust.

For example, on social media, Sharing a photo containing malware is even more complicated. Once loaded, it undergoes changes in size and recompression to the point that some colors in the image may be cropped or corrected.

“With social networks being the main epicenter of image sharing, it is very likely that cybercriminals will continue to hide malware in an image thanks to the ease of steganography,” believes Amaya.

“Although infection is not as simple as other vectors, it is very important to pay attention to details such as small differences in image color, repeated colors, or whether the image is significantly larger than the original. Of course, a security solution will always be on hand. An ESET Latinoamérica employee is aware of the need to detect these and other types of attacks.” states that it is.

How to use steganography to carry out attacks?

Steganography can be used in various types of attacks, both cyber and physical. Here are some examples of how it’s used:

data theft

Attackers can: Hide sensitive data inside images, audio or other file types and then transfer them out of a compromised network or system without raising suspicion.

This can be done by uploading files to web hosting services, social networks, or using more complex methods such as transmitting data over seemingly innocuous communication channels.

secret communication

Steganography can be used for covert communications between agents in criminal or espionage operations.

In this case, secret messages can be hidden in images, videos or other files shared on online platforms. This makes it difficult for authorities or security systems to detect and block communications.

Malware attacks

Malware can use steganography to hide malicious code inside legitimate files, such as images or documents. This could allow malware to bypass security systems and runs on devices without their owners being aware of it.

document processing

Digital documents such as contracts or certificates can be manipulated through steganography, adding or removing information without leaving visible traces. This can be used to forge documents or subtly manipulate contract terms and conditions.

Attacks on social networks and online media

Attackers can use steganography to share sensitive or malicious information on social media platforms. For example, it is possible for them to hide instructions for carrying out attacks in publicly shared images or seemingly innocuous comments.

Stealth DDoS attacks

Attackers can hide distributed denial of service (DDoS) attack commands inside seemingly harmless files, such as images or documents.

It is worth noting that these commands can be activated remotely, allowing attackers to coordinate mass actions without leaving easily detectable clues.

Social engineering attacks

Attackers can use steganography to insert malicious links or code into images, videos, or documents shared in phishing emails, instant messages, or on compromised websites.

This technique can trick users into clicking links or opening filesleading to redirects to malicious websites or downloading malware.

Now that you know what shorthand is and how it occurs, the real tip is to be careful not to fall for this scam. Follow TecMundo for more security tips and also take the opportunity to read about ways to attack using QR Codes.