Use of ‘StegWare’ Increases in Stealth Malware Attacks

hawki · Apr 19, 2018

"SAN FRANCISCO – Researchers are warning of an uptick in the malicious use of steganography as a vehicle for delivering malware. Steganography, they say, is increasingly becoming a go-to tool for cybercriminals not just for infection, but also command-and-control, data exfiltration and as an encryption alternative to sending secret messages...

'Previously, only talented criminals knew how to make their own stegware. Now these tools have filtered down the food chain for any criminal to buy and use.'..."

https://threatpost.com/use-of-stegware-increases-in-stealth-malware-attacks/131293/

guest · Mar 18, 2019

Hackers using steganography to Drop the Powload Malware & Hide Their Malvertising Traffic
March 17, 2019
https://gbhackers.com/steganography-powload-malware/

Cyber criminals now approaching a unique way to spread Powload malware with the help of steganography to infect the targeted system.

Powload campaign activity distributing since 2018 through fileless techniques and hijacking email accounts to deliver the information-stealing malware such as emotet and Ursnif.
But the recent attacks employed the steganography techniques in which attackers turn from the fileless method(straight forward infection chain) that has been changed by adding additional stages to deliver the malware that helps to evade the detection.
Steganography Approach by Powload Malware
In this case, Powload malware abuse a publicly available script called (Invoke-PSImage) that helps to Embed malicious scripts in the pixels of a PNG file.
Click to expand...

guest · Mar 25, 2019

Malware Payloads Hide in Images: Steganography Gets a Reboot
March 25, 2019
https://threatpost.com/steganography-combat/143096/

Watch Out for Steganography
Cryptography is the most well-known of the ancient clandestine arts, but steganography has a long and storied history as well. Steganography is a cryptographic technique of hiding something – a message, code, or other content – within something else, such as a digital photograph or video, allowing it to be passed along in plain sight.

Cyberthreat actors have once again begun to incorporate this technique into various aspects of their schemes and wares. Recent examples include the Sundown Exploit Kit and the new Vawtrak and Gatak/Stegoloader malware families.
Rather than receiving commands directly, the malware is instructed to look for additional images in the associated Twitter feed, download those images, and then extract commands hidden within those images to propagate its malicious activity.

So, even though steganography is a low-frequency attack vector, cybercriminals have figured out how to employ it in a manner that enables them to leverage the prevalence and rapid growth of social media to deliver a malicious payload.
Click to expand...

guest · May 28, 2019

The Rise of Stegware
May 27, 2019
https://www.infosecurity-magazine.com/opinions/rise-stegware-1/

Stegware seems to be the newest gimmick for cyber-criminals. Using Steganography - the practice of hiding malicious code within an image, video, or otherwise innocuous file - hackers have found yet another way to get malware past security tools.
This allows an attacker to inject a seemingly benign picture or sound file into a target’s computer and activate once they’re past their target’s defenses.

Steganography has reached a peak in recent months, with a number of actors exhibiting a variety of different tactics. In many cases, attackers will hide code in picture files, concealing their code within the pixels of an image. Social media has also been notably used as command and control for Stegware, with images and tweets sending commands which activate the malware on an infected device.

Stegware is merely the newest stage in a long term development - attacks getting quieter and ever more creative at slinking past the solutions we think protect us.
Click to expand...

guest · Oct 16, 2019

WAV audio files are now being used to hide malicious code
Steganography malware trend moving from PNG and JPG to WAV files
October 16, 2019
https://www.zdnet.com/article/wav-audio-files-are-now-being-used-to-hide-malicious-code/

Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code.

All previous instances where malware used steganography revolved around using image file formats, such as PNG or JEPG.
The novelty in the two recently-published reports is the use of WAV audio files, not seen abused in malware operations until this year.
THE TWO REPORTS
The first of these two new malware campaigns abusing WAV files was reported back in June. Symantec security researchers said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims.

The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before.
Click to expand...

THE COMMODITIZATION OF STEGANOGRAPHY
Furthermore, Lemos also told us that this also appears to be the first time a crypto-mining malware strain was seen using abused steganography, regardless if it was a PNG, JPEG, or WAV file.

A proper way of dealing with steganography is... not dealing with it at all. Since stego is only used as a data transfer method, companies should be focusing on detecting the point of entry/infection of the malware that abuses stegonagraphy, or the execution of the unauthorized code spawned by the stego-laced files.
Click to expand...

BlackBerry Cylance − ThreatVector: Malicious Payloads - Hiding Beneath the WAV

Log in or Sign up

Use of ‘StegWare’ Increases in Stealth Malware Attacks

hawki Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Use of ‘StegWare’ Increases in Stealth Malware Attacks

hawki Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches