Malware hiding in pictures? More likely than you think


Malware, Digital Security

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.


Cybersecurity software has grown quite capable of detecting suspicious files, and with businesses becoming increasingly aware of the need to strengthen their security posture with additional layers of protection, attackers have had to resort to subterfuge to evade detection.

In essence, any cybersecurity software is strong enough to detect most malicious files. Hence, threat actors continually seek different ways to evade detection, and among those techniques is using malware hidden in images or photos.

Malware hiding in images

It might sound far-fetched, but it is quite real. Malware placed inside images of various formats is a result of steganography, the technique of hiding data within a file to avoid detection. ESET Research spotted this technique being used by the Worok cyberespionage group, who hid malicious code in image files, taking only specific pixel information from them to extract a payload to execute. Note that this was done on already compromised systems, since, as mentioned previously, hiding malware inside images is more about evading detection than about initial access.

Most often, malicious images are made available on websites or placed inside documents. Some might remember adware: code hidden in ad banners. On its own, the code in the image cannot be run, executed, or extracted while it is embedded. Another piece of malware must be delivered that takes care of extracting the malicious code and running it. The level of user interaction required varies, and how likely someone is to notice malicious activity depends more on the code that does the extracting than on the image itself.

The least (most) significant bit(s)

One of the more devious ways to embed malicious code in an image is to replace the least significant bit of each red-green-blue-alpha (RGBA) value of every pixel with one small piece of the message. Another technique is to embed something into an image’s alpha channel…
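To make the least-significant-bit technique concrete, here is an added example (not code from the article, from ESET, or from the Worok toolset) that writes a small byte string into the LSB of consecutive RGBA channel values, reads it back, and then runs the "pairs of values" chi-square check that analysts use to notice an LSB plane that has been overwritten. The cover image, the payload and the 2-byte length header are all constructed for the demo; the cover is a flat list of channel values rather than a real image file, and every value in it is even, standing in for a low-noise picture whose LSB plane is very regular (on a noisy photograph the same statistic separates cover and stego far less cleanly).

```python
"""Added example: LSB steganography in RGBA channel values, with the
"pairs of values" chi-square statistic as a detection check.
All data here is constructed; no real image file is read or written."""
import random
from collections import Counter

WIDTH, HEIGHT = 16, 16

# Constructed cover: 16x16 RGBA, flattened to 1024 channel values.
# Every value is even, so the cover's LSB plane is all zeros: a stand-in
# for a low-noise image, chosen so the detection signal below is obvious.
_rng = random.Random(7)
COVER = [_rng.randrange(0, 256, 2) for _ in range(WIDTH * HEIGHT * 4)]

# Constructed payload: 126 pseudo-random bytes. With the 2-byte length
# header it fills the cover's 1024-bit LSB capacity exactly.
PAYLOAD = bytes(random.Random(1).randrange(256) for _ in range(126))


def embed_lsb(pixels, payload):
    """Return a copy of `pixels` with a 2-byte big-endian length followed by
    `payload` written, one bit per value, into the LSB of consecutive
    RGBA channel values."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover")
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # clear the LSB, then set it
    return out


def extract_lsb(pixels):
    """Recover the payload written by embed_lsb (length header first)."""
    def read_int(n_bytes, offset):
        value = 0
        for k in range(n_bytes * 8):
            value = (value << 1) | (pixels[offset + k] & 1)
        return value, offset + n_bytes * 8

    length, offset = read_int(2, 0)
    value, _ = read_int(length, offset)
    return value.to_bytes(length, "big")


def pov_chi_square(pixels):
    """Westfeld/Pfitzmann "pairs of values" statistic.

    LSB embedding can only move a channel value between 2k and 2k+1, so
    writing near-uniform bits pushes the two histogram bins of each pair
    toward equality. A statistic that drops sharply relative to what the
    image's own structure predicts is the detection signal."""
    hist = Counter(pixels)
    chi = 0.0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2
        if expected:
            chi += (a - expected) ** 2 / expected
    return chi


def demo():
    """Embed, extract, and compare the statistic before and after."""
    stego = embed_lsb(COVER, PAYLOAD)
    recovered = extract_lsb(stego)
    return recovered == PAYLOAD, pov_chi_square(COVER), pov_chi_square(stego)


if __name__ == "__main__":
    ok, before, after = demo()
    print("payload recovered intact:", ok)
    print(f"PoV chi-square: cover={before:.1f} stego={after:.1f}")
```

On the constructed cover the statistic is 512.0 before embedding (each occupied pair contributes half its count) and collapses to a few dozen afterwards, because the payload bits split every pair roughly in half. Two practical caveats: the check only works on regions that were actually overwritten, which is why tools scan the image in windows rather than as a whole, and a payload that is compressed or encrypted before embedding (as in the Worok case the article mentions) looks exactly like the uniform bits this test is designed to catch, so hiding it from this statistic requires the attacker to leave most of the LSB plane untouched, which in turn limits capacity.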

Source…