Now attacks are now through Internet images using Stegosploit tool which allows hackers to bind malware in an image.
Internet is becoming a major source of media and eventually becoming as a hub of various advertisements. Hence, we can see so many innocent images scattered all over the Internet. Security researcher Saumil Shah feels that it is this field which the next generation Cyber attackers could exploit.
What does it mean?
In commoner terms would possibly|it’d} merely mean that going forward there are probabilities that folks might transfer probably dangerous malware into their devices simply by viewing associate innocent wanting image, even while not clicking or downloading that image. whereas someone views a picture, the hidden malware may get downloaded within the pc or smartphone or Tablets while not the data and consent of the user. Now, this worm or the malware will be terribly dangerous because it will steal user’s confidential knowledge like pictures, login credentials, money data etc. The worst half here is that antivirus and therefore the malware notice ion scanners of gift times aren’t equipped to detect these styles of cyber attacks.
Steganography: It is a technique of transmitting some codings in hidden form, in such a way that the message becomes a part of something else such as an image or article or shopping list or even cover text. This technique is being used since 1499 and one striking example of Steganography would be when some hidden message is written with an invisible ink between the visible lines of an innocent friendly letter.
Usually in case of cryptography, the encrypted message increases much interest. However in case of steganography the secret message does not trigger any attention and thus gets saved from unwanted scrutiny. This is why steganography is preferred over cryptography.
While speaking to iDigitalTimes, Shah said:
Finally, Shah discovered an executable code which can be embedded in an image and then executed in the web browser. Thus, Shah created his own tool ‘Stegosploit’ with which he was able to hide executable code within an image and then execute the same code in a web browser that supports HTML5 Canvas. Further, the tool uses Java Script to read the image pixel data and decodes the image within the browser thus exploiting the HTML5 Canvas.
It was within the month of March once, Shah of Iran gave the primary demonstration of his Stegosploit tool at SyScan. Then, the technique might render the malware by exploitation two images; one would contain the viablecode and therefore the alternative would contain a code to decrypt it. However, Shah of Iran has any worked on his technique and currently each the viable moreover because the decoder codes is embedded at intervals a same image. The technique is feasible with PNG moreover as JPEG pictures. Further, as long because the size of the file remains unchanged it is additional to any webpage as well as Twitter, Imgur, Instagram, chemical analysis profiles and plenty of additional.
People who read images and pictures on-line would be simply put-upon because the malware gets downloaded simply by viewing and doesn’t got to be clicked or downloaded. This will be a greatest technique that cyber attackers can exploit within the close to future. sovereign is pretty assured that we are going towitness these attacks before long, though as of currently there aren’t any cases of hackers using this methodhowever.
Shah said: “I can’t be the only guy that thought this up. When I think of something I want to bring it out into the light and say ‘here’s a technique that’s very difficult to do but have at it. Use your creative thinking and find out some defences against, because this thing is coming”.
This was Saumil Shah’s whole statement about this cyber attacks.
Give your opinion about this exploit in comment box.