Friday, December 9, 2016

Damned pictures

The best of the week in Cyber Security

Some aboriginal tribes of America and Australia refused to be photographed by explorers because they believed those strange devices, cameras, could steal a person's soul. Even today there are towns all over the world that keep this belief and don't allow a single photo to be taken. Perhaps seeing their own faces reflected on a piece of paper is, for them, an act of witchcraft: something inexplicable that can only be the work of black magic. Like when you hear about steganography for the first time.

Steganography is the study of techniques that hide messages within other messages. It comes from two Greek words: steganos (hidden) and graphs (writing). The idea is to establish a covert channel of communication that goes unnoticed by third parties. This science is not new; it was born a long time ago. But with the development of computer science, many cybercriminals like to use it to hide messages or malicious files.

This week we read on the Redes Zone website about a new exploit kit, the Stegano Exploit Kit, which hides malware in an image, specifically in advertising banners. It infects victims who open the website even if they never download the picture: simply by viewing it.

The software hides malicious JavaScript code by modifying a number of pixels in a PNG image: using a mathematical formula, it changes the RGBA values to hide characters in the transparency (alpha) layer without visibly altering the original image. When the banner is loaded, the program applies the inverse formula, converts the pixels back into characters and executes the malicious code. Now you see it, now you don't.
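The alpha-channel trick described above leaves a statistical trace that a defender can check for, even though the visible image looks untouched. The following is an added example, not code from the post or from any tool it mentions; it assumes the image has already been decoded to RGBA tuples (for instance with Pillow's `Image.open(path).convert("RGBA").getdata()`) and works on constructed sample banners.

```python
import math
import random
from collections import Counter


def alpha_stats(pixels):
    """Return (entropy_bits, translucent_fraction) for the alpha channel.

    pixels: sequence of (r, g, b, a) tuples, a in 0..255.
    A web banner is normally fully opaque (a == 255), perhaps with a thin
    antialiased border, so its alpha histogram carries almost no entropy.
    Characters smuggled into the transparency layer one pixel at a time
    spread alpha over many values and raise the entropy, while the visible
    RGB image is left untouched, which is exactly why the eye misses it.
    """
    counts = Counter(p[3] for p in pixels)
    total = sum(counts.values())
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    translucent = sum(c for a, c in counts.items() if 0 < a < 255) / total
    return entropy, translucent


def is_suspicious(pixels, max_entropy=0.25, max_translucent=0.02):
    """Flag a banner whose alpha channel is noisier than a normal one.

    Thresholds are assumptions for this example; tune them on a sample of
    your own known-good creatives before using this on an ad feed.
    """
    entropy, translucent = alpha_stats(pixels)
    return entropy > max_entropy or translucent > max_translucent


# Constructed samples (no real banner involved): a flat opaque 300x250 ad,
# and the same ad with 3% of its pixels nudged 1..16 steps below opaque.
WIDTH, HEIGHT = 300, 250
CLEAN = [(200, 30, 30, 255)] * (WIDTH * HEIGHT)
_rng = random.Random(1)
TAMPERED = [
    (r, g, b, 255 - _rng.randrange(1, 17)) if _rng.random() < 0.03 else (r, g, b, a)
    for (r, g, b, a) in CLEAN
]

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("tampered", TAMPERED)):
        entropy, translucent = alpha_stats(image)
        print(f"{name}: alpha entropy {entropy:.2f} bits, "
              f"translucent pixels {translucent:.1%}, suspicious={is_suspicious(image)}")
```

A real banner with rounded corners or drop shadows will show some translucency in contiguous bands, so treat the score as a triage signal and inspect flagged creatives by hand.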

But this is not the only case. We recently read in The Register about Poison.JPG, ransomware being distributed through Facebook Messenger. When the user clicks on the image, a window opens asking where to save it. But the file, instead of being a JPG, has the extension HTA. Double-clicking it activates the Locky virus. Does this type of attack work? Absolutely, because cybercriminals know that users trust the security of social networks and are constantly developing techniques to exploit their vulnerabilities.

Don't panic! Just as messages can be camouflaged, we can also uncover them, although it's true that they can go unnoticed by antivirus software. So... what can we do? We must be more suspicious than usual and use proper analysis tools, such as the ones that the Hackplayers website collects in this list.

Malicious code can be hidden in an audio file, a video, a text file, an executable and, of course, an image. Perhaps the aboriginal tribes were not wrong to be suspicious of photographs. These JPGs with hidden malware can steal passwords, computer credentials and perhaps your soul too.

Main image source: Google Images 
