The fight between cybercriminals and cybersecurity is fought every single day. As new technology is implemented in hopes of protecting against cyberattacks, hackers are constantly finding new ways to infect and attack devices. With many people learning about the main distributions of malware, hackers have changed their tactics and resorted to embedding malware inside of PNG files to infect unsuspecting users. Steganography, a common method used to embed hidden information inside of PNG files, is now being used by hackers to spread malicious code to infect computers. Steganography within PNG files can also be hard for many antiviruses and antimalware services to detect until it’s too late.
How it works
Once an infected PNG file is opened on a victim’s computer, hackers will execute commands which may put the computer or it’s data at risk. In Avast’s analysis of steganographic cyberattacks (specifically Worok’s attacks via steganography), they show that hackers use this vulnerability to take control of Dropbox’s API and initiate a backdoor connection between them and the victim computer. Using Dropbox to connect the computer with the attacker, hackers will use 10 commands to control the backdoor. This allows them to:
- Run commands on the computer,
- Run programs on the computer,
- Download files from a hacker-controlled Dropbox to the computer,
- Upload files to a hacker-controlled Dropbox,
- Rename files on the computer,
- Delete files on the computer,
- View information about files on the computer,
- Navigate through folders in the computer,
- Send information about the computer to the Dropbox,
- And update the backdoor’s configuration file.
With this, hackers were able to successfully perform data-theft attacks on various Asian companies and local governments.
Preventative Measures for The Future
Because of how steganography attacks are undetectable by antiviruses before it’s too late, there are a few things that one must keep in mind to stay protected:
- Avoid clicking on any images or attachments in text messages or emails that you get from unknown senders. It can be dangerous and use malware to infect your device. If you don't know the sender, it's advisable to delete the message and block them.
- Make sure your operating system and applications are up to date. You may better defend yourself against cybersecurity risks by using the most recent versions of your programs, which include the most recent security updates.
- Have reliable antivirus software installed on all devices. This will aid in defending against malware and other cybersecurity dangers. Although steganography attacks may not be detected by these antiviruses, it is still better to be safe than sorry by ensuring that measures can be taken against other threats.