![]() “The cover image must compress well, such that the compressed filesize is less than (width * height) – size_of_embedded_file,” he wrote in his post. There are some requirements for both the images used to obscure files and the files being hidden inside them for his method to work, Buchanan explained. JPG files on a website they’ve injected with malicious code. The finding also comes on the heels of a discovery by researchers at website security firm Sucuri that Magecart attackers began hiding sensitive data they’ve skimmed from credit cards online inside. ![]() If his method is successful, it can give attackers another way to hide in hosted images on a widely used social media platform. The reason he was successful is because while Twitter strips unnecessary data from PNG uploads, they don’t remove trailing data from the DEFLATE stream inside the IDAT chunk if the overall image file meets the requirements to avoid being re-encoded, he explained.īuchanan’s finding is important because threat actors have found digital steganography, or the art of hiding information inside media, a useful method especially for obscuring malicious files or other activity, including communication between command and control servers. Specifically, Buchanan demonstrated how he could hide both MP3 audio files and ZIP archives within the PNG images hosted on Twitter. He made the source code for his method available in a ZIP/PNG file attached to the image as well as on a post on GitHub that explains his methodology. Researcher David Buchanan heralded his discovery on Twitter earlier this week, accompanied by a photo declaring: “Save this image and change the extension to. A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics (.PNG) image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |