Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.
Malware that uses Exchangeable Image File Format (EXIF) data to hide its code has migrated to a new platform: GoogleUserContent sites, such as Google+ and Blogger forums.
In this technique, previously seen on Pastebin and GitHub, hackers embed malicious code within uploaded images – a stealthy approach, since images are rarely scanned for malware, researchers at Sucuri said on Thursday.
These scripts can weaponize the website by uploading a predefined web shell or arbitrary files, placing defacement pages, establishing backdoors and more, and can then email the addresses of successfully exploited sites back to the attacker. The migration to Google makes the problem more pervasive.
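
A defensive check for the scanning gap described above, as an added example that is not from the article or from Sucuri: it walks a JPEG's metadata segments, where EXIF data lives, and flags script-like tokens. The token list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct

# Assumed heuristic token list (not from the article): script constructs
# that have no legitimate reason to appear in camera metadata.
SUSPICIOUS = re.compile(rb"<\?php|\beval\s*\(|base64_decode|gzinflate", re.I)

def metadata_segments(data):
    """Yield (marker, payload) for every JPEG segment before the pixel data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):      # SOS / EOI: metadata section is over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_jpeg(data):
    """Return [(marker, token)] for script-like tokens found in metadata."""
    findings = []
    for marker, payload in metadata_segments(data):
        # APP0-APP15 (0xE0-0xEF) hold EXIF/XMP/ICC data; 0xFE is a comment.
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            for match in SUSPICIOUS.finditer(payload):
                findings.append((f"0x{marker:02X}", match.group().decode().lower()))
    return findings

def build_sample(exif_text):
    """Constructed test image: SOI + one APP1 'Exif' segment + EOI."""
    payload = b"Exif\x00\x00" + exif_text
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2)
            + payload + b"\xff\xd9")

if __name__ == "__main__":
    clean = build_sample(b"Canon EOS 80D")
    # Inert constructed string; the argument is a placeholder, not a payload.
    tainted = build_sample(b"eval(base64_decode('CONSTRUCTED-PLACEHOLDER'));")
    for name, blob in (("clean.jpg", clean), ("tainted.jpg", tainted)):
        print(name, scan_jpeg(blob) or "no script-like metadata")
```

A hit is a triage signal rather than proof of compromise; stripping or re-encoding metadata on upload removes the hiding place regardless of what the scan finds.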