Research finds hackers hiding malware threats inside images
Malicious hackers are increasingly using steganography, a digital version of an ancient technique of hiding messages inside images, to conceal the tracks of their activities on an attacked computer, according to a new report from security provider Kaspersky Lab.
Researchers have seen at least three cyber espionage operations using this technique. It’s also being actively adopted by regular cyber criminals, in addition to cyber espionage actors, the report said.
“Although this is not the first time we have witnessed a malicious technique originally used by sophisticated threat actors find its way onto the mainstream malware landscape, the steganography case is especially important,” says Alexey Shulmin, security researcher at Kaspersky Lab.
“So far, the security industry hasn’t found a way to reliably detect the data exfiltration conducted in this way, and the goal of our investigations is to draw industry attention to the problem and enforce the development of reliable yet affordable technologies, allowing the identification of steganography in malware attacks,” he adds.
Kaspersky Lab researchers have seen the technique used in updated versions of Trojans including Zerp, ZeusVM, Kins, Triton and others. Most of these malware families generally target financial companies and users of financial services.
The use of the approach within the Triton Trojan could be a sign of the upcoming mass adoption of the technique by malware authors, resulting in generally increased complexity of malware detection, Kaspersky researchers contend.