Malware Alert: Stealthy Malware Hidden in Images Takes to GoogleUserContent

silversurfer

#1
Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.

Malware that uses Exchangeable Image File Format (EXIF) data to hide its code has migrated to a new platform: GoogleUserContent sites, such as Google+ and blogger forums.
In this technique, previously seen on Pastebin and GitHub, hackers embed malicious code within uploaded images – a stealthy approach, since images are rarely scanned for malware, researchers at Sucuri said on Thursday.

These scripts can weaponize the website by uploading a predefined web shell or arbitrary files, placing defacement pages, establishing backdoors and more, and then can email the addresses of successfully exploited sites back to the attacker. The migration to Google exacerbates the pervasiveness of the problem.
 

LASER_oneXM

#2
Source (bleepingcomputer.com): Google User Content CDN Used for Malware Hosting

Furthermore, the researcher also draws a sign of alarm regarding security scans of image files, which are usually ignored by most web-based security scanners.

Such tools usually look for malware in text-based files such as HTML, PHP, JS, or other typical server files, but do not scan the metadata of images hosted or loaded on a site.
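
The gap described in post #2, scanners that skip image metadata, as an added example (not from the thread or the cited articles): a standard-library Python check that walks a JPEG's header segments and flags script-like tokens in EXIF and comment data. The token list, the `build_jpeg` helper and both sample images are constructed assumptions.

```python
import re
import struct

# Assumed indicator list: tokens that have no business inside image metadata.
SUSPICIOUS = [re.compile(p, re.I) for p in (
    rb"<\?php", rb"\beval\s*\(", rb"base64_decode\s*\(", rb"<script\b")]
METADATA_MARKERS = {0xE1: "APP1/EXIF", 0xFE: "COM"}


def metadata_segments(data):
    """Yield (name, payload) for each metadata segment in a JPEG byte string."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker: skip it
            pos += 1
            continue
        if marker in (0xDA, 0xD9):      # SOS / EOI: header segments are over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        if marker in METADATA_MARKERS:
            yield METADATA_MARKERS[marker], data[pos + 4:pos + 2 + length]
        pos += 2 + length


def scan_jpeg(data):
    """Return a list of (segment name, matched pattern) findings."""
    return [(name, rx.pattern.decode())
            for name, payload in metadata_segments(data)
            for rx in SUSPICIOUS if rx.search(payload)]


def build_jpeg(exif_payload):
    """Constructed test input: SOI + one APP1 segment + EOI (no pixel data)."""
    body = b"Exif\x00\x00" + exif_payload
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2)
            + body + b"\xff\xd9")


CLEAN = build_jpeg(b"Canon EOS 80D")                          # constructed
TAINTED = build_jpeg(b"eval(base64_decode('PLACEHOLDER'));")  # constructed

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("tainted", TAINTED)):
        print(label, scan_jpeg(img))
```

A hit means the file deserves manual review; a real deployment would tune the token list to the server-side languages the site actually runs.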