Image Steganography Example: How I Created an Attack

May 19, 2020

A cyber attack using image steganography techniques refers to the practice of cybercriminals hiding malicious code within an innocent-looking image file. For example, a standard JPEG photo contains several megabytes of pixel data, allowing an attacker to alter several pixels to embed malicious code. The changes are so subtle that human eyesight cannot detect them, and it would be very time-consuming for machines to scan every image for hidden data, especially when the threat is unknown, so the machines do not know what they should be searching for. Like all malware, image steganography can be used to hide the payload within the code itself, or the code can call additional code or executables associated with attacks. See our previous post for more details about image steganography threats, including its history and examples.

Image steganography attacks are extremely easy to implement, especially with DIY toolkits widely available online and hundreds of free apps on the market. Anyone with malicious intent has the potential to abuse image steganography and cause much damage to a target. Let’s explore how simple it is to hide text in an image using steganography.

Step 1: Determine the Image Steganography Attack Target and Payload

An attacker goes through a multi-step process when creating an image steganography technique. They must set their sights on a specific company, select a specific target at that company, research the access available to that target, and determine how exactly the hack should take place. The payload must also be determined: what do they want the steganography technique to accomplish? Do they want to take control of the target’s machine or quietly extract information?

Step 2: Alter an Image Using Steganography

As a steganography example, take a standard, innocent-looking image, and alter a number of its pixels to embed hidden messages or files inside the image.

To do this, install a tool called Steghide on the machine. Then, run commands to copy an image file (Kids_On_The_Beach_STEG.jpg) into the root of the Directory, as well as the text file that should be embedded into that particular image (HighlyClassified.txt). Finally, confirm the two files reside in the same folder.

 

screenshot of steganography image altering example using steghide tool run command

Then, leverage Steghide to hide the text file in the image using steganography.

Steghide example for Image Steganography blog post.

Take the altered file that is now created and rename it (Kids_On_The_Beach_STEG_EMBEDDED.jpg). Verify that the two files are completely different by running a Get Hash value command using Powershell on each file, showing two totally different hash values.

 

steganography example showing how to get hash value command using powershell

Step 3: Extract the Malicious Image Code

Using Steghide, run a command to extract the embedded data to a separate file (HighlyClassified_EXT.txt).

Steghide run command to extract embedded data to a separate file.

Once the file is extracted, hackers can execute the payload and cause damage to the target. By hiding the payload within an image file, image steganography techniques can easily evade standard anti-malware and APT tools, which are not designed to detect this type of malware. Thankfully, there are advanced cybersecurity solutions on the market that prevent image steganography attacks.

How Businesses Can Prevent Image Steganography Attacks

Votiro’s Content Disarm and Reconstruction (CDR) technology can overcome image steganography challenges as it neutralizes all external malicious content threats – including undisclosed and zero-day exploits. CDR technology recreates the received image file (Kids_On_The_Beach_STEG_EMBEDDED.jpg) with only the vendor-approved components of the file included. This means any malware, malicious macro, or threat embedded or encrypted in the file is left behind, and the file delivered to its end destination arrives with full functionality and security.

Votiro Sanitizing an Image Steganography File

The below shows the file on Votiro’s platform.

steganography threat data on votiro platform

Note that even though the technology did not recognize any known threat, it still sanitized the file. This meticulousness is why Votiro has not experienced a single breach across hundreds of customers and billions of files.

The sanitized file is then reconstructed while preserving the integrity and functionality of the original file. The two images look exactly alike; the only difference is that the malicious image steganography code has been removed. To verify, run the Steghide process for extracting the content.

Steghide was unable to extract the malicious text because that content no longer exists

Steghide was unable to extract the malicious image steganography attack text because that content no longer exists—thanks to Votiro’s Advanced CDR technology, which has the ability to neutralize the malicious data hiding in image steganography files. For another example, you can read our case study on how Votiro protects Hachshara, an insurance company that manages up to 300,000 incoming files each month.

Choose Votiro for Image Steganography Attack Prevention

You can help your business stay safe from steganography image malware and other cyberattacks with the help of Votiro. Our Positive Selection® Technology is incredibly thorough in protecting your files, emails, images, web browsers, and web applications. We invite you to contact us to get started or schedule a free demo to learn more today.