Batu69 Posted June 3, 2015 Share Posted June 3, 2015 Next time when someone sends you a photo of a cute cat or a hot chick than be careful before you click on the image to view — it might hack your machine. Yes, the normal looking images could hack your computers — thanks to a technique discovered by security researcher Saumil Shah from India. Dubbed "Stegosploit," the technique lets hackers hide malicious code inside the pixels of an image, hiding a malware exploit in plain sight to infect target victims.Just look at the image and you are HACKED!Shah demonstrated the technique during a talk titled, "Stegosploit: Hacking With Pictures," he gave on Thursday at the Amsterdam hacking conference Hack In The Box. According to Shah, "a good exploit is one that is delivered in style." Keeping this in mind, Shah discovered a way to hide malicious code directly into an image, rather than hiding it in email attachments, PDFs or other types of files that are typically used to deliver and spread malicious exploits. To do so, Shah used Steganography - a technique of hiding messages and contents within a digital graphic image, making the messages impossible to spot with the naked eye.Here's How to Hack digital pictures to send malicious exploits:Until now Steganography is used to communicate secretly with each other by disguising a message in a way that anyone intercepting the communication will not realise it's true purpose.Steganography is also being used by terrorist organisations to communicate securely with each other by sending messages to image and video files, due to which NSA officials are forced to watch Porn and much porn.However in this case, instead of secret messages, the malicious code or exploit is encoded inside the image’s pixels, which is then decoded using an HTML 5 Canvas element that allows for dynamic, scriptable rendering of images.The "Secret Sauce" behind Stegosploit - this is what Shah calls it."I don"t need to host a blog," Shah told Motherboard, "I don"t need to host a website at all. I don"t even need to register a domain. I can [just] take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate."The malicious code, dubbed IMAJS, is a combination of both image code as well as JavaScript hidden into a JPG or PNG image file. Shah hides the malicious code within the image’s pixels, and unless somebody zoom a lot into it, the image looks just fine from the outside.Video Demonstration & more info -; http://thehackernews.com/2015/06/Stegosploit-malware.html?m=1_________________________________________________________________________________________UpdateWhy Stegosploit Isn’t An Exploithttps://medium.com/@christianbundy/why-stegosploit-isn-t-an-exploit-189b0b5261eb Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted June 3, 2015 Share Posted June 3, 2015 exploit +javascript may be malwarebytes anti exploit can help us ? Link to comment Share on other sites More sharing options...
player Posted June 3, 2015 Share Posted June 3, 2015 UpdateWhy Stegosploit Isn’t An ExploitThe only part I appreciate from this thread. Link to comment Share on other sites More sharing options...
smallhagrid Posted June 3, 2015 Share Posted June 3, 2015 That is just nasty.Now it is for certain that absolutely NOTHING is safe from being a malware conduit.Meh. Link to comment Share on other sites More sharing options...
x3r0 Posted June 5, 2015 Share Posted June 5, 2015 Ah, this brings me back to https://www.f-secure.com/v-descs/ms04-028.shtml, good ol' JPG of the Death. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.