Tag Archive for: Hiding

Malware hiding in pictures? More likely than you think


Malware, Digital Security

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.

Cybersecurity software has grown quite capable of detecting suspicious files, and with businesses becoming increasingly aware of the need to up their security posture with additional layers of protection, subterfuge to evade detection has become necessary.

In essence, most cybersecurity software is capable of detecting the majority of malicious files. Hence, threat actors continually seek new ways to evade detection, and one of those techniques is hiding malware inside images or photos.

Malware hiding in images

It might sound far-fetched, but it is quite real. Malware placed inside images of various formats is a result of steganography, the technique of hiding data within a file to avoid detection. ESET Research spotted this technique being used by the Worok cyberespionage group, who hid malicious code in image files, only taking specific pixel information from them to extract a payload to execute. Do mind that this was done on already compromised systems though, since as mentioned previously, hiding malware inside images is more about evading detection than initial access.

Most often, malicious images are made available on websites or placed inside documents. Some might remember adware: code hidden in ad banners. On its own, the code embedded in the image cannot run, execute, or extract itself. Another piece of malware must be delivered that takes care of extracting the hidden code and running it. The level of user interaction required varies, and how likely someone is to notice malicious activity depends more on the code that performs the extraction than on the image itself.

The least (most) significant bit(s)

One of the more devious ways to embed malicious code in an image is to replace the least significant bit of each red-green-blue-alpha (RGBA) value of every pixel with one small piece of the message. Another technique is to embed something into an image’s alpha channel…

Source…

Hackers Hiding Keylogger, RAT Malware in SVG Image Files


Critical Infrastructure Security, Cybercrime, Endpoint Security

New Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT

Threat actors are hiding malware in SVG image files to evade detection and deliver ransomware, download a banking Trojan and distribute malware.

Cofense Intelligence researchers in January observed a two-month campaign that used SVG files to deliver Agent Tesla Keylogger and XWorm RAT malware. The researchers advise security teams to remind users to watch for unexpected downloads upon opening an SVG file, the telltale sign of a compromise.

The Scalable Vector Graphics file format uses mathematical descriptions of shapes rather than pixel grids to define images, which enables them to be scaled without loss of image quality and makes them suitable for diverse design applications.

AutoSmuggle, an open-source tool released in May 2022, enables threat actors to embed malicious files within SVG or HTML content, bypassing security measures such as secure email gateways and increasing the chances of successful malware delivery.

The use of SVG files for malware delivery was first observed in 2015, but researchers said hackers have refined their tactics to bypass security measures and successfully distribute harmful payloads. SVG files distributed Ursnif malware in 2017 and were used to smuggle .zip archives…

Source…

Google tests a ‘Private Space’ feature on Android phones, allowing secure hiding of apps


For Android smartphones, Google is actively developing a feature called “Private Space” that will allow users to safely conceal apps. This feature, which is expected in a future Android OS update, allows users to hide files and apps from other users, similar to Samsung’s Secure Folder feature that has been around for six years.

This feature, found in the Security & Privacy settings, enables users to create a protected Android user profile using biometrics or a password/PIN. Mishaal Rahman found this development in the Android 14 QPR2 beta. This feature improves privacy when sharing the device by hiding not just the presence of the app but also its notifications.

To preserve the covert use of the “Private Space” feature, Google is thinking of implementing a search bar trigger to reveal these apps.

The possible inclusion of the feature in Android 15 may indicate that smartphone makers will use it more widely, giving more people access to Samsung’s Secure Folder-like features. Rahman points out that not all features were activated in the most recent beta because it’s still in development.

Source…

Chinese Hackers Are Hiding in Routers in the US and Japan


WIRED broke the news on Wednesday that SoundThinking, the company behind the gunshot-detection system ShotSpotter, is acquiring some assets—including patents, customers, and employees—from the firm Geolitica, which developed the notorious predictive policing software PredPol. WIRED also exclusively reported this week that the nonprofit Electronic Privacy Information Center is calling on the US Justice Department to investigate potentially biased deployment of ShotSpotter in predominantly Black neighborhoods.

As the US federal government inches closer to a possible shutdown, we took a look at the sprawling conservative media apparatus and deep bench of right-wing hardliners in Congress that are exploiting their leverage to block a compromise in the House of Representatives.

Satellite imaging from the Conflict Observatory at Yale University is providing harrowing insight and crucial information about the devastation wrought in the city of Khartoum by Sudan’s civil war. Meanwhile, researchers from the cybersecurity firm eQualitie have developed a technique for hiding digital content in satellite TV signals—a method that could be used to circumvent censorship and internet shutdowns around the world. And the productivity data that corporations have increasingly been gathering about their employees using monitoring software could be mined in an additional way to train AI models and eventually automate entire jobs.

Plus, there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A China-linked hacking group, dubbed BlackTech, is compromising routers in the US and Japan, secretly modifying their firmware and moving around company networks, according to a warning issued by cybersecurity officials this week. The United States Cybersecurity and Infrastructure Security Agency (CISA), the NSA, FBI, and Japan’s National Police Agency and cybersecurity office issued the joint alert saying the BlackTech group was “hiding in router firmware.”

The officials said they had seen the Chinese-linked actors using their access to the routers to move from “global subsidiary…

Source…