The digital world we live in is full of hidden dangers, some of which may seem straight out of a spy movie. Believe it or not, one of those dangers lurks within the seemingly innocent realm of images.
You might be wondering how something as harmless as an image can be a threat. Criminals are always trying new tricks to get away with their crimes.
One of these tricks is hiding malware in images or photos.
This is possible with the technique of steganography, where data is hidden inside a file so that it cannot be traced.
Recently, ESET researchers found this technique used by the Worok cyberespionage group, which hid malicious code in image files and read only specific pixel information from them to extract a payload to execute. Note that this was done on systems that were already compromised, because hiding malware inside images is done more to avoid detection than to gain initial access.
How this hidden malware works:
One of the ways to embed malware into an image is to replace the least significant bit of each pixel's color value, thus making any changes almost undetectable to the naked eye. Another technique is embedding in the alpha channel of an image, which controls the transparency of a color. This way, the image looks roughly the same as a normal one, making any difference difficult to detect with the naked eye.
But how does this affect you, the everyday internet user? Should you be concerned about the images you encounter online? In most cases, not really. Social media platforms typically compress and modify images, making it difficult for threat actors to embed fully functional malicious code. Furthermore, these hidden threats are only activated when a program capable of extracting and executing the code interacts with them.
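The least-significant-bit technique and the effect of recompression described above, as an added example that is not from the original article or from ESET's analysis. It assumes a constructed in-memory RGB buffer and a harmless marker string; `requantise` is a crude stand-in for lossy recompression, not a real image codec.

```python
# Added example: LSB embedding on a constructed RGB buffer (no real image file).

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of each channel byte with one payload bit."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the carrier")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # each channel value changes by at most 1
    return bytes(out)

def extract_lsb(pixels: bytes, nbytes: int) -> bytes:
    """Rebuild nbytes from the LSB plane, most significant bit first."""
    if nbytes * 8 > len(pixels):
        raise ValueError("carrier too short for requested length")
    out = bytearray()
    for i in range(nbytes):
        value = 0
        for channel in pixels[i * 8:(i + 1) * 8]:
            value = (value << 1) | (channel & 1)
        out.append(value)
    return bytes(out)

def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest per-channel difference between two buffers of equal length."""
    return max(abs(x - y) for x, y in zip(a, b))

def requantise(pixels: bytes, step: int = 4) -> bytes:
    """Stand-in for lossy recompression: snap every channel to a multiple of step."""
    return bytes((p // step) * step for p in pixels)

# Constructed carrier: 64 RGB pixels forming a smooth gradient.
CARRIER = bytes((i * 3 + c * 40) % 256 for i in range(64) for c in range(3))
MARKER = b"constructed-marker"              # harmless constructed test string
STEGO = embed_lsb(CARRIER, MARKER)

if __name__ == "__main__":
    print("max channel change:", max_channel_delta(CARRIER, STEGO))
    print("recovered:", extract_lsb(STEGO, len(MARKER)))
    print("after requantise:", extract_lsb(requantise(STEGO), len(MARKER)))
```

The hidden bytes survive only while the pixel values are preserved exactly, which is why images that a platform recompresses rarely carry a usable payload.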
However, it is necessary to remain alert:
The difference between a clean image and a malicious image is quite small. To the naked eye, the malicious image may look a bit different, and in this case the strange appearance could be attributed to poor image quality and resolution. The reality is that all those dark pixels are an indication of malicious code. Malicious images have also been used to introduce malware such as trojans and remote access tools, putting unsuspecting users at risk.
The key to staying safe in the digital world:
The best protection lies in awareness and prevention. It's a good idea to always keep your security systems, applications and operating systems up to date. The risk can be avoided by running fully up-to-date software and using a reliable, up-to-date security solution.