CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Events
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Events
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Tutorials

Embedding and Extracting Malicious Data from a JPEG using Steganography

by Sophie C.

Reading Time: 5 mins read
in Cyber Professionals, Tutorials

So, What is Steganography?

The word steganography is derived from the Greek words steganos (meaning hidden or covered) and the Greek root graph (meaning to write). Steganography is a technique known for hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then either extracted or executed at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting such data.

Cyber criminals use this type of technique as a cyber attack. They usually hide malicious code within a “normal” image file. A regular JPEG image contains several megabytes of pixel data, allowing any attacker to alter several of its pixels and embed malicious code. Attackers can insert data over that original image altering the bits and bytes in a way that it’s almost impossible for the human eye to detect and its usually very time consuming for machines to scan every image for hidden data, especially when the actual threat is unknown, making it difficult for machines to look for something unspecified. Image steganography can be used to hide the payload within the code itself or simply embed code that can call additional code or executables provoking cyber attack.

One of the reasons steganography is not being used as much as other techniques, it is because these threats are limited to a specific delivery mechanism, it can’t be used to deliver malware en-masse, making it impossible for cyber criminals to reach a broad number of users, however, this technique is not obsolete. Back in 2018 FortiGuard Labs researchers observed an increase in malware being delivered using steganography to hide malicious payloads in memes shared online. This type of embedded malware started by attempting to contact a command-and-control (C2) host that downloaded additional code or commands associated with known attacks. This malware was not receiving commands directly, instead, it was instructed to look for additional images in the associated Twitter feed, downloading those images, and then extracting commands hidden within those images to propagate its malicious activity.

Although steganography is an uncommon technique used by cyber criminals, they’ve managed to utilize this technique several times, mainly due to to the rapid spread of content through social media, to deliver malicious payloads.

Steganography Process:

How it works?

A standard image has bits and bytes. Attackers can embed data over that original image altering the bits and bytes in a way that it’s almost impossible for a human eye to detect. It can be hidden messages, text or even malware.

How to embed malicious code in such files?

For the purpose of this tutorial we are using Kali Linux and StegHide.

Step 1: Installing Steghide in KaliLinux

 

//
sudo apt-get install steghide
//

 

Step 2: Gather image and .txt files and embed code

  • Get a JPG image and a .txt file with any content inside.
    • I used this txt and jpg file
      • random-text
  • Duplicate your jpg image so we can compare the original with the modified one.
  • Move the images and the txt file to your desktop.
  • Go to desktop or the location where you put both image and txt file in your terminal.
  • Run the command:
//
sudo steghide embed -ef nameofyourtxtfile.txt -cf nameofyourimagemodified.jpg
//
INFO: nameofyourfile.txt (random-text.txt) nameofyourimagemodified.jpg (random-steg.jpg)
Passphrase: It’s going to ask for a passphrase, if you want to encrypt the content of your .txt file add one. If you need to execute the malicious code, leave it empty.

 

  • Now we can check that both files are different in size.

Step 3: Check changed hash on WindowsPowerShell

  • Open PowerShell on Windows
  • Go to the location where you have both files
  • Run
//
Get-FileHash random-steg.jpg
//

//
Get-FileHash random-original.jpg
//
  • Compare both hashes.

 

Step 3: How to extract the embedded data from the image

  • Run the following command
//
steghide extract -sf random-steg.jpg -xf random-text-extraction.txt
//
ls
//
New txt file: random-text-extraction.txt is the name of the file where the extracted data will be.
  • Check the new txt file created

 

 

  • Now, let’s check what data is in each .txt file. Both files should have the same content.
//
sudo nano random-text.txt
//
sudo nano random-text-extraction.txt
//

 

 

With this technique it is possible to embed any type of file inside an image. You will just have to replace the .txt file for an .exe or any other code.

The following paragraph explains how Steghide works internally, and is taken  from the Steghide manual page:

Steghide uses a graph-theoretic approach to Steganography. You do not need to  know anything about graph theory to use Steghide and you can safely skip the  rest of this paragraph if you are not interested in the technical details. The  embedding algorithm roughly works as follows: at first, the secret data is  compressed and encrypted. Then a sequence of positions of pixels in the cover  file is created based on a pseudo-random number generator initialized with the  passphrase (the secret data will be embedded in the pixels at these positions).  Of these positions those that do not need to be changed (because they already  contain the correct value by chance) are sorted out. Then a graph-theoretic  matching algorithm finds pairs of positions such that exchanging their values  has the effect of embedding the corresponding part of the secret data. If the  algorithm cannot find any more such pairs all exchanges are actually performed.  The pixels at the remaining positions (the positions that are not part of such  a pair) are also modified to contain the embedded data (but this is done by  overwriting them, not by exchanging them with other pixels). The fact that  (most of) the embedding is done by exchanging pixel values implies that the  first-order statistics (i.e. the number of times a color occurs in the picture)  is not changed. For audio files the algorithm is the same, except that audio  samples are used instead of pixels.

Tags: Blog 2020Kali LinuxKaliLinuxSteganographyStegHideTutorial
ADVERTISEMENT

Related Posts

How to set up Windows Hello for Windows 10 and 11

How to set up Windows Hello for Windows 10 and 11

January 24, 2023
How can a donor vet a charity online from a cybersecurity perspective?

How can a donor vet a charity online from a cybersecurity perspective?

January 17, 2023
Certified Information Privacy Professional/US (CIPP/US)

Certified Information Privacy Professional/US (CIPP/US)

January 11, 2023
How to Block Ad Tracking on iPhone and iPad

How to Block Ad Tracking on iPhone and iPad

January 9, 2023

More Articles

Incidents

Iranian hackers leak Mossad information

March 21, 2022

Api Security Podcast

April 22, 2022
Book

Annual Privacy Notice Requirements Under the Gramm-Leach-Bliley Act

June 7, 2022
Jobs

Dark Wolf Solutions – Blue Team Lead, Cybersecurity Advisor

January 12, 2023

Enter passwords…

September 28, 2020
Alerts

CISA Adds Seven Known Exploited Vulnerabilities

April 25, 2022
Book

Enterprise Information Security Architecture

February 10, 2022
Incidents

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software

November 10, 2021
Load More

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.