What is it about?

Recently, malware (computer viruses) has increasingly been using steganographic methods to hide its network traffic and remain undetected. We examined and categorized these methods for over 100 different pieces of malware that appeared in recent years, which made it possible to identify which techniques are used frequently. We determined that malware hides data in images, audio files, and properties of network protocols. In addition, information is often exchanged (in encrypted form) via publicly accessible platforms such as social media.


Why is it important?

We found that only a small fraction of the possible methods is used by the analyzed malware. Likewise, only a few network protocols and media formats account for a large proportion of the malware. By categorizing the formats, protocols, and methods used, trends can be identified, and these observations open the way for further work on countermeasures against such stegomalware. It can be assumed that malware will rely even more on steganographic methods in the future to evade early detection.

Perspectives

We hope our joint work will clarify how threat actors use steganographic methods. As malware threatens our daily lives by targeting critical infrastructure (among other targets), we believe that investigating the in-the-wild use of steganography will substantially improve the understanding of information hiding in the investigated malware samples.

Tobias Schmidbauer
Technische Hochschule Nürnberg Georg Simon Ohm

Read the Original

This page is a summary of: A Comprehensive Pattern-based Overview of Stegomalware, July 2024, ACM (Association for Computing Machinery),
DOI: 10.1145/3664476.3670886.