ICT Security-Sécurité PC et Internet

Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code.

The technique is known as steganography -- the art of hiding information in plain sight, in another data medium.

In the software field, steganography -- also referred to as stego -- is used to describe the process of hiding files or text in another file, of a different format. For example, hiding plain text inside an image's binary format.

Using steganography has been popular with malware operators for more than a decade. Malware authors don't use steganography to breach or infect systems, but rather as a transfer method. Steganography allows files hiding malicious code to bypass security software that whitelists non-executable file formats (such as multimedia files).

All previous instances where malware used steganography revolved around using image file formats, such as PNG or JEPG.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Steganography

The LokiBot malware family has been given a significant upgrade with the ability to hide its source code in image files on infected machines. 

Known as steganography, the technique is used to hide messages or codes within various file formats, including .txt, .jpg, .rtf, and some video formats. 

While this practice can be implemented for legitimate purposes, such as the protection of files on intellectual property and copyright grounds, attackers can also embed files with triggers to hide source code and malware functionality. 

The developers of LokiBot have realized the potential of steganography for concealment. Trend Micro researchers Miguel Ang, Erika Mendoza, and Jay Yaneza said this week that a new variant of the malware uses the technique to hide its code.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Steganography

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=LokiBot

The LokiBot malware continues to evolve and is now using steganography to cloak its malicious files, according to a report from Trend Micro this week.

Recently highlighted as one of the top three malware strains of 2018, LokiBot started out as a password- and cryptocurrency wallet–stealing malware on hacker forums as early as 2015, but it has evolved, according to Trend Micro. It has taken to abusing the Windows installer and updating the methods that it uses to stay on the victim's system.

Now, Trend Micro has identified a new variant of the malware that uses steganography to help hide its malicious intent. It installed itself as a .exe file, along with a separate .jpg image file. The image file opens, but it also contains data that LokiBot uses when unpacking itself.

This LokiBot variant drops the image and the .exe file into a directory that it creates, along with a Visual Basic script file that runs the LokiBot file. Its unpacking program uses a custom decryption algorithm to extract the encrypted binary from the image.

Trend Micro has seen LokiBot hiding inside image files before. In April, it reported a variant of the malware that hid a .zipx attachment inside a .png file.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Steganography

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=LokiBot

The Platinum advanced persistent threat (APT) group is back with new techniques that employ steganography to hide their actions in text.

On Wednesday, Kaspersky researchers said the discovery was made while tracking hacking activity across Asian countries this month and the method of disguise, of particular interest to the team, is a "previously unseen steganographic technique to conceal communication."

Platinum came on to the scene and snagged the interest of cybersecurity researchers in 2012. The APT's campaign tends to focus on diplomatic, government and military targets.

This is not the first time that Platinum has been linked with obscure or novel attack techniques -- given the group's use of a now-deprecated feature in Windows called hotpatching in the past -- but it is the first time that steganography appears to have been used.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Steganography

Des pirates s’appuient sur des fausses pubs pour diffuser à des millions d'internautes un malware particulièrement sophistiqué, qui s’appuie sur de multiples techniques de dissimulation.

Voilà encore une preuve que les cybercriminels deviennent de plus en plus malins. Les chercheurs en sécurité d'Eset viennent de mettre la main sur un malware qui exploite des failles dans Internet Explorer et Flash Player, et dont le code est caché directement dans les pixels d'une image de publicité. C’est pourquoi il a été baptisé « Stegano », en référence à la stéganographie, l’art de dissimuler des messages secrets dans des choses en apparence anodines, comme ici une pub en ligne.

L’impact de ce malware, en revanche, est loin d’être anodin. Selon Eset, la publicité vérolée a été diffusée entre autres sur des sites d’actualités très populaires, lui permettant d’être affichée par « plus d’un million d’internautes », explique Robert Lipovsky, l’un des chercheurs d’Eset, dans une note de blog. L’attaque se déroule de façon totalement automatique, la victime n’a pas même pas besoin de cliquer sur la publicité. D’après les chercheurs, Stegano a été utilisé par les cybercriminels pour installer sur les machines des victimes des chevaux de Trois bancaires, des portes dérobées et des logiciels espions. Mais en théorie, il n’y a pas vraiment de limite. « Les victimes pourraient également être confrontées à de méchantes attaques de ransomware », souligne Robert Lipovsky.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Steganography