
Steganography: A New Way to Spread Malware

While we are getting ready to fight zero-day threats, popular exploits and the deadly COVID-19 virus, hackers are evolving new techniques to pass malware on to your machines. A concept introduced in 1499, but practised since ancient times, is their new weapon. It is called "steganography": a technique used to send data in a hidden format so that it cannot be read. The term combines the Greek words steganos, meaning concealed or hidden, and graphy, meaning writing, and the practice is becoming a dangerous new trend.

Today in this post we will discuss this new frontier and how to stay protected from it.

What is Steganography?

As already discussed, it is a new method used by cybercriminals to create malware and cyber espionage tools.

Unlike cryptography, which disguises the contents of a secret message, steganography hides the fact that a message is being transmitted at all, or that a malicious payload is sitting inside an image, in order to dodge security solutions.

There are stories that this method was used in the Roman Empire to pass on messages secretly. A slave would be selected to convey the message and his scalp shaved clean. The message was then tattooed onto the skin and, once the hair had grown back, the slave was sent to deliver it. The receiver followed the same process, shaving the head to read the message.

This threat is serious enough that security experts have had to come together to work out ways to fight it and defeat information concealment.

How does steganography work?

By now it is clear why cybercriminals use this method. But how does this work?

Steganography is a five-fold process: first, attackers research their target thoroughly; after this they scan it, gain access, stay hidden, and cover their tracks.

[Figure: image omitted; source publications.computer.org]

Once the malware is executed on the compromised machine, a malicious meme, image or video is downloaded, and the command embedded in it is extracted. If the "print" command is hidden in the file, a screenshot of the infected machine is taken. Once all the information has been collected, it is sent out to the attacker via a specific URL address.

A recent example of this comes from the 2018 Hacktober.org CTF event, where TerrifyingKity was embedded in an image. In addition, the Sundown Exploit Kit and the new Vawtrak and Stegoloader malware families have also emerged.

How is Steganography different from Cryptography?

In principle, steganography and cryptography share the same goal, i.e. hiding messages while passing them on to another party. But the mechanisms they use are different.

Cryptography transforms information into a ciphertext that cannot be understood without decryption. Steganography, by contrast, does not change the format; it hides the information in such a way that no one knows there is data hidden at all.

| | Steganography | Cryptography |
|---|---|---|
| Definition | A technique to conceal information in an image, video, meme, etc. | A technique to convert data into ciphertext |
| Purpose | Pass on the malware without being tracked | Data protection |
| Data visibility | No chance | Certainly |
| Data structure | No alteration of the data structure | Alters the complete structure |
| Key | Optional | Necessary |
| Failure | Once a secret message is discovered, anyone can access it | Using a decryption key, the ciphertext can be read |

In simple words, steganography is stronger and more complex. It can easily bypass deep packet inspection (DPI) systems and similar controls, and all of this makes it the first choice of hackers.

Depending on its nature, steganography can be divided into five types:

Where criminals hide information

Is there a way to detect steganography? Yes, there are several ways to identify this kind of visual attack.

Ways to Detect Steganography Attacks

Histogram Method – This method is also known as the chi-squared method. The entire image raster is analyzed, and the numbers of pixels holding each of two adjacent colour values are counted and compared.

[Figure: Fig A: An empty carrier; Fig B: Filled carrier (source: securelist.com)]

RS Method – This is another statistical method used to detect payload carriers. The image is divided into groups of pixels and a special pixel-flipping procedure is applied; the resulting values are analyzed to identify an image that contains steganography.
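As an added illustration of the histogram (chi-squared) method described above, not code from the original post, the following Python script runs the pairs-of-values test over an 8-bit greyscale raster: the cover image, the payload bits, the LSB-embedding test fixture and all function names are assumptions made for this demo.

```python
import math
import random

def chi_square_sf(stat, dof):
    """P(X > stat) for X ~ chi-square(dof), Wilson-Hilferty approximation (no SciPy needed)."""
    z = ((stat / dof) ** (1 / 3) - (1 - 2 / (9 * dof))) / math.sqrt(2 / (9 * dof))
    return 0.5 * math.erfc(z / math.sqrt(2))

def chi_square_pov(pixels):
    """Pairs-of-values chi-square test on an 8-bit greyscale raster.
    LSB replacement drives the counts of each pair (2k, 2k+1) toward their mean,
    while a clean image keeps the uneven adjacent-value counts of real content.
    Returns (statistic, degrees_of_freedom, p_value): p near 0 means the pairs
    differ as in an empty carrier, a large p means a likely filled carrier."""
    hist = [0] * 256
    for v in pixels:
        hist[v] += 1
    stat, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:  # an unused pair carries no information
            stat += (even - odd) ** 2 / (even + odd)  # Pearson chi-square, 1 dof per pair
            dof += 1
    return stat, dof, chi_square_sf(stat, dof)

def looks_filled(pixels, threshold=0.05):
    """Decision rule: pair counts statistically equal => suspect an LSB payload."""
    return chi_square_pov(pixels)[2] > threshold

def make_cover(n_pixels, seed=7):
    """Constructed cover, skewed toward black so its histogram has the irregular
    pair counts of a real photo (uniform noise would already look 'filled')."""
    rng = random.Random(seed)
    return [int(255 * rng.random() ** 3) for _ in range(n_pixels)]

def embed_lsb(pixels, bits):
    """Sequential LSB replacement of the first len(bits) pixels (test fixture only)."""
    out = list(pixels)
    for i, b in enumerate(bits):
        out[i] = (out[i] & 0xFE) | b
    return out

if __name__ == "__main__":
    cover = make_cover(200 * 200)
    rng = random.Random(1)  # constructed payload bits, standing in for encrypted data
    stego = embed_lsb(cover, [rng.getrandbits(1) for _ in cover])
    for name, img in (("empty carrier", cover), ("filled carrier", stego)):
        print(name, chi_square_pov(img), looks_filled(img))
```

The statistic stays near the degrees of freedom for the filled carrier and explodes for the empty one; the test is specific to sequential LSB replacement, so a partially filled or randomly scattered payload needs the statistic evaluated over growing prefixes of the raster.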

All this clearly shows how cleverly cybercriminals are using steganography to deliver malware. And this is not going to stop, because it is very lucrative. Not only that, steganography is also used to spread terrorism-related material, explicit content, espionage, and so on.
