Hackers Using Steganography For Malware Attacks 

In early September 2022, researchers identified a threat group called Worok that targeted many victims, including government entities around the world, to gain access to devices. They concealed malware used to steal information inside PNG images by least significant bit (LSB) encoding which attaches malicious code to the LSB in the image’s pixels.

To get a view of this attack from the security industry, I have Alyn Hockey, VP Product Management at cybersecurity software and services provider Fortra:

“It’s a hack that’s easily undetected and the old technique is increasingly used to hide malware payloads. So, when an image is viewed by a member of an organization, the payload, otherwise known as a virus, worm or Trojan, can start work immediately – resulting in damage to systems and loss of data.

Steganography examples can be traced back as early as 5 BC when used as a defense tactic by Histiaeus, a Greek ruler of Miletus. Histiaeus shaved and tattooed a man’s head with messages that would go unnoticed once his hair grew back. The alleys, aware of the practice, found the warning messages on the man’s scalp.

Fast forward to 2022 when an employee of General Electric was convicted of conspiracy to commit economic espionage. While this sounds like something out of a thrilling motion picture, the former employee simply used steganography. He was able to take company secrets in files by downloading, encrypting, and hiding them in a seemingly mundane sunset photo. He used his company email address to email the image to his personal email address. According to court documents, the encryption process took less than 10 minutes. 

Again, while not as common as other cyberattacks, the shocking and quick way it can fly under the radar is reason enough to have a security solution that protects not only from external threats like malware but keeps data safe through effective data loss prevention methods. Organizations can apply an anti-steganography feature to sanitize all images as they pass through the secure email gateway. Anti-steganography removes anything hidden within the image, which will not visually alter the image but make it impossible for recipients to recover hidden information – including accidental opening of malware. While this will cleanse all images, it mitigates the overall risk thereby keeping the organization safe – doing so in milliseconds, so the flow of business won’t be disrupted.”

The Bleeping Computer story that I linked to has a lot of detail that is very much worth reading.

Leave a Reply