SAN FRANCISCO – Researchers are warning of an uptick in the malicious use of steganography as a vehicle for delivering malware. Steganography, they say, is increasingly becoming a go-to tool for cybercriminals, not just for infection but also for command-and-control and data exfiltration, and as an alternative to encryption for sending secret messages.
Simon Wiseman, chief technology officer of Deep Secure, outlined the latest steganography threats and tactics here at the RSA Conference, saying that “stegware” hacking tools are now common on Dark Web hacker forums – suggesting an uptick of threats used in the wild.
“These tools are now standard features on hacker forums,” Wiseman said. “Previously, only talented criminals knew how to make their own stegware. Now these tools have filtered down the food chain for any criminal to buy and use.”
For years, steganography has existed as a rare threat when it comes to malware delivery. In 2016, the Sundown exploit kit used PNG files to hide exploit code using steganography. But over the past year researchers say steganography has been used in malware programs and cyberespionage tools going by the names of Microcin, NetTraveler and Invoke-PSImage.
“It used to be used by terrorists to communicate without anyone knowing what was being said. Now it’s about hackers using it to hide from detection defenses,” Wiseman said. “They might be hiding dangerous code, a command-and-control channel or using it to exfiltrate sensitive data without detection.”