A rapid increase in stegomalware cases, malware that hides itself using steganography, was recently reported by cybersecurity experts at Cyble Research Labs.
Steganography is a method of hiding data inside an ordinary message or file in a way that conceals the data's presence. The carrier file types it uses include:
- Text
- Image
- Video
There is no doubt that steganography is one of the most advanced and hardest-to-detect malware delivery methods. Stegomalware uses image steganography to evade detection mechanisms such as anti-virus software and anti-malware systems.
More than 1,800 malware samples using image steganography have been detected in the last 90 days. Below is a graph of stegomalware distribution on a monthly basis.
Malware using Steganography
Several malware families and tools have been observed using steganography, such as:
- KNOTWEED
- Web shells
- Hacking tools: Mimikatz, Rubeus
- NanoCore RAT
- Agent Tesla
- XLoader
Numerous instances of .JPG+EXE malware have been observed while monitoring chat across multiple users.
A malicious .exe file is embedded in an image file using the image steganography technique, so that the combined file is usually recognized as a clean image file.
Researchers reported two attacks in the last weeks of July 2022, carried out by unknown individuals. Steganography was used in these attacks to deliver the payloads (malware) that carried out the attack.
Technical analysis
Several reports describe APT threat actors (TAs) using SFX (self-extracting) files to attack ICS/SCADA systems, using DB exploitation files.
Other systems can also be attacked in this way. A self-extracting executable (.SFX) contains compressed data that is decompressed when the attack is carried out.
The compressed files enclosed within an .SFX file can also be executed, which allows APT TAs to easily run malware through this technique.
Here, once the .SFX file is extracted, the Agent Tesla malware is in turn extracted from the .JPG file.
As a result, the additional evasion potential can be readily exploited by combining it with legitimate processes.
Ways of protection
Here are some of the cybersecurity best practices recommended by experts:
- Make sure you are aware of the latest attack techniques.
- Make sure your connected devices, including computers, laptops and mobile phones, are protected by powerful anti-virus tools.
- To prevent data exfiltration by malware or Trojans, monitor for beaconing at the network level.
- When manually checking suspicious images, inspect the trailing contents at the end of the file as well as unusual file signatures and properties.
- Before downloading any file, verify its source.
- Update passwords at regular intervals.
- Verify the authenticity of all links and email attachments before opening them.
- Block URLs that spread malware, such as torrent and warez sites.
- Ensure that employee systems are equipped with data loss prevention (DLP) methods.
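The recommendation to inspect the end of a suspicious image and its file signatures can be scripted. The following is an added example, not Cyble's own tooling: it walks JPEG marker segments and PNG chunks to find where the image logically ends, then reports any trailing bytes and any executable or archive signatures (MZ, ELF, ZIP, RAR, 7-Zip) found there, which is the pattern behind the .JPG+EXE and SFX-in-image samples described above. The sample "images" are constructed byte strings, not real files.

```python
"""Detect data appended after an image's logical end, a common .JPG+EXE hiding spot.

Added example (not Cyble's code). Walks JPEG marker segments and PNG chunks to find
where the image really ends, then reports trailing bytes and any executable or
archive signatures found in them. All sample inputs below are constructed.
"""
import struct

JPEG_SOI = b"\xff\xd8\xff"
PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Signatures a defender would not expect to see appended to a plain image.
SUSPICIOUS_SIGNATURES = {
    b"MZ": "PE executable (MZ header)",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP archive (possible SFX payload)",
    b"Rar!\x1a\x07": "RAR archive (possible SFX payload)",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive (possible SFX payload)",
}


def jpeg_end_offset(data: bytes):
    """Offset just past the top-level End-Of-Image marker (FF D9), or None.

    Segments are walked rather than searching for the first FF D9, because an
    EXIF thumbnail inside an APP1 segment carries its own EOI marker.
    """
    pos, n = 2, len(data)  # skip SOI
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None  # expected a marker here: malformed file
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:  # EOI
            return pos + 2
        if marker in (0x00, 0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2  # standalone markers carry no length field
            continue
        if pos + 4 > n:
            return None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:  # SOS: skip entropy-coded scan data
            while pos + 1 < n:
                nxt = data[pos + 1]
                # inside scan data FF is followed by 00 (stuffing) or an RSTn marker
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def png_end_offset(data: bytes):
    """Offset just past the IEND chunk (length + type + data + CRC), or None."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def inspect_image(data: bytes) -> dict:
    """Classify the container, locate its end, and flag suspicious trailing data."""
    if data.startswith(JPEG_SOI):
        fmt, end = "jpeg", jpeg_end_offset(data)
    elif data.startswith(PNG_SIG):
        fmt, end = "png", png_end_offset(data)
    else:
        fmt, end = None, None
    result = {"format": fmt, "image_end": end, "trailing_bytes": 0, "findings": []}
    if fmt is None:
        result["findings"].append("not a JPEG or PNG container")
        return result
    if end is None:
        result["findings"].append("could not locate image end marker")
        return result
    tail = data[end:]
    result["trailing_bytes"] = len(tail)
    for sig, desc in SUSPICIOUS_SIGNATURES.items():
        off = tail.find(sig)
        if off != -1:
            result["findings"].append(f"{desc} at trailing offset {off}")
    return result


# --- constructed samples (not real malware) ---------------------------------
def _jpeg_segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    return struct.pack(">I", len(payload)) + ctype + payload + b"\0\0\0\0"  # CRC not checked

CLEAN_JPEG = (b"\xff\xd8"
              + _jpeg_segment(0xE1, b"Exif\x00\x00\xff\xd8\xff\xd9")  # thumbnail-like inner EOI
              + _jpeg_segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
              + b"\x12\x34\xff\x00\x56\xff\xd0\x78" + b"\xff\xd9")
STEGO_JPEG = CLEAN_JPEG + b"MZ\x90\x00" + b"\x00" * 20 + b"<constructed payload>"
CLEAN_PNG = PNG_SIG + _png_chunk(b"IHDR", b"\x00" * 13) + _png_chunk(b"IEND", b"")
STEGO_PNG = CLEAN_PNG + b"PK\x03\x04" + b"<constructed archive>"

if __name__ == "__main__":
    for name, blob in [("clean.jpg", CLEAN_JPEG), ("stego.jpg", STEGO_JPEG),
                       ("clean.png", CLEAN_PNG), ("stego.png", STEGO_PNG)]:
        print(name, inspect_image(blob))
```

A non-zero `trailing_bytes` value is by itself worth a closer look (some tools append harmless metadata there), and a known executable or archive signature in that region is a strong indicator of the appended-payload technique. Real files should be fed in as raw bytes (`open(path, "rb").read()`); pixel-level steganography, where the payload is spread through image data rather than appended, is not covered by this check.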