Cybercriminals are using steganography to deliver commands to malware via malicious memes, according to researchers at Trend Micro. Steganography is the practice of hiding data inside an innocuous carrier, in this case an image, so that the carrier looks unchanged to anyone who is not looking for the hidden content.
In this case the images are ones that circulate as popular Internet memes. The memes themselves do not install anything: they carry hidden commands that malware already present on the targeted machine downloads and parses, which turns a public Twitter account into a command-and-control channel.
The researchers don’t know how the malware itself is delivered, but they were able to observe how it reaches out to a Twitter account and downloads the malicious images. The two memes examined by Trend Micro carry a “/print” command, which instructs the malware to take screenshots of the machine and send them back to the command-and-control server. The malware supports four other commands, which retrieve the username, filenames, clipboard content, and a list of running processes.
While steganography as a means of evading security is nothing new, this threat stands out because the commands arrive over a legitimate social networking platform. The traffic looks like an ordinary Twitter image download, so it cannot easily be blocked at the network perimeter without blocking Twitter itself, and the channel only goes away once the Twitter account in question is shut down. The researchers note that Twitter has already disabled this account, and that the malware itself was not downloaded from Twitter.
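The mechanism described above, as an added example that is neither code from the article nor from Trend Micro's analysis: a command such as "/print" is written into the least-significant bits of an image's pixel bytes, the receiving side reads those bits back out, and a simple host-side check flags an image whose LSB plane looks like text rather than noise. The LSB scheme, the raw RGB carrier, the NUL terminator, and the four command names other than "/print" are all assumptions made for the example; the page does not say how the real samples encode their commands.

```python
"""
Added example (not from the article or the Trend Micro report): a minimal
least-significant-bit (LSB) steganography round trip for a short C2 command,
plus a crude scanner for carriers whose LSB plane looks like embedded text.

Assumptions, none of which come from the page: the carrier is raw 8-bit RGB
pixel data, the command is ASCII and NUL-terminated, and the command set is
the five names below. Real samples may use a completely different encoding.
"""
import random

# "/print" is the only command name the article gives; the other four are
# placeholder names chosen for this example to stand in for the username,
# file-list, clipboard and process-list commands it describes.
KNOWN_COMMANDS = {"/print", "/username", "/files", "/clipboard", "/processes"}


def make_carrier(width=64, height=64, seed=1) -> bytearray:
    """Constructed sample carrier: random RGB pixels standing in for a meme.
    A real JPEG meme would first have to be decoded to raw pixels."""
    rng = random.Random(seed)
    return bytearray(rng.randrange(256) for _ in range(width * height * 3))


def embed_command(pixels: bytes, command: str) -> bytearray:
    """Hide an ASCII command plus a NUL terminator, one bit per pixel byte,
    in the least-significant bit of successive bytes (MSB of each char first)."""
    payload = command.encode("ascii") + b"\x00"
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("carrier too small for payload")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # touch only the lowest bit
    return out


def extract_lsb_bytes(pixels: bytes, max_len: int = 64) -> bytes:
    """Reassemble bytes from the LSB plane, stopping at the first NUL byte
    or after max_len bytes, whichever comes first."""
    result = bytearray()
    for start in range(0, min(len(pixels), max_len * 8), 8):
        value = 0
        for b in pixels[start:start + 8]:
            value = (value << 1) | (b & 1)
        if value == 0:
            break
        result.append(value)
    return bytes(result)


def extract_command(pixels: bytes):
    """What the implant side would do: return the hidden command if it
    decodes to a known command name, otherwise None."""
    text = extract_lsb_bytes(pixels)
    try:
        command = text.decode("ascii")
    except UnicodeDecodeError:
        return None
    return command if command in KNOWN_COMMANDS else None


def lsb_looks_like_text(pixels: bytes, min_len: int = 4) -> bool:
    """Detection heuristic for the defender: the LSB plane of a natural
    photo is close to random noise, so a NUL-terminated run of printable
    ASCII at the start of the plane is a strong hint of embedded text.
    It deliberately does not depend on KNOWN_COMMANDS, so it also catches
    commands this example does not know about."""
    text = extract_lsb_bytes(pixels)
    return len(text) >= min_len and all(0x20 <= c < 0x7F for c in text)


if __name__ == "__main__":
    clean = make_carrier()
    stego = embed_command(clean, "/print")
    print("hidden command:", extract_command(stego))
    print("clean carrier flagged:", lsb_looks_like_text(clean))
    print("stego carrier flagged:", lsb_looks_like_text(stego))
```

The scanner is a starting point rather than a product: an attacker can defeat it by scattering bits across the image, encrypting the payload, or using the image's metadata instead of its pixels, so in practice the stronger signal is the behaviour around it, such as a process that is not a browser fetching images from Twitter and then taking screenshots.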
This creative way to bypass detection mechanisms shows that criminals are trying to stay ahead of the security industry’s efforts to shut them out. Technical safeguards are essential for detecting known threats and flagging malicious behaviour, but it is better to keep malware off the machine in the first place. Most malware finds its way onto a machine after a user is duped by an attacker. New-school security awareness training can give your employees the skills to identify these social engineering tactics.