silversurfer

Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.

Malware that uses Exchangeable Image File Format (EXIF) data to hide its code has migrated to a new platform: GoogleUserContent sites, such as Google+ and blogger forums.
In this technique, previously seen on Pastebin and GitHub, hackers embed malicious code within uploaded images – a stealthy approach, since images are rarely scanned for malware, researchers at Sucuri said on Thursday.

These scripts can weaponize the website by uploading a predefined web shell or arbitrary files, placing defacement pages, establishing backdoors and more, and then can email the addresses of successfully exploited sites back to the attacker. The migration to Google exacerbates the pervasiveness of the problem.

LASER_oneXM

Source (bleepingcomputer.com): Google User Content CDN Used for Malware Hosting

Furthermore, the researcher also draws a sign of alarm regarding security scans of image files, which are usually ignored by most web-based security scanners.

Such tools usually look for malware in text-based files such as HTML, PHP, JS, or other typical server files, but do not scan the metadata of images hosted or loaded on a site.
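
The scanning gap described in this thread can be closed by inspecting image metadata as well as text files. The following is an added example, not code from either post or from the cited articles: it walks the header segments of a JPEG and flags script-like strings in the EXIF, IPTC and comment segments. The indicator patterns and both sample images are assumptions constructed for illustration.

```python
import re
import struct

# Assumed indicator list (not taken from the articles): script constructs
# that have no business appearing inside image metadata.
SUSPICIOUS = re.compile(rb"<\?php|eval\s*\(|base64_decode\s*\(|gzinflate\s*\(", re.I)
# JPEG segments that carry free-form metadata.
METADATA_MARKERS = {0xE1: "APP1/EXIF", 0xED: "APP13/IPTC", 0xFE: "COM"}

def metadata_segments(data):
    """Yield (segment_name, payload) for each metadata segment in a JPEG."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"lost marker sync at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):              # start of scan / end of image
            return
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:   # markers with no length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        if marker in METADATA_MARKERS:
            yield METADATA_MARKERS[marker], data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_jpeg(data):
    """Return (segment_name, matched_text) for every suspicious string found."""
    return [(name, m.group(0).decode("ascii", "replace"))
            for name, payload in metadata_segments(data)
            for m in SUSPICIOUS.finditer(payload)]

def build_segment(marker, payload):
    """Helper for the constructed samples: wrap a payload in a JPEG segment."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: header-only JPEGs, one clean and one with an inert
# script-like string in the EXIF segment (the base64 decodes to "constructed").
CLEAN = b"\xff\xd8" + build_segment(0xE1, b"Exif\x00\x00Make=ExampleCam") + b"\xff\xd9"
TAINTED = (b"\xff\xd8" + build_segment(
    0xE1, b"Exif\x00\x00Make=eval(base64_decode('Y29uc3RydWN0ZWQ='));") + b"\xff\xd9")
```

A hit only means the metadata contains text that looks like code; the image does nothing by itself until some script on the site reads and executes that field, so findings should be correlated with files that read EXIF data.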