Execute malware by opening steganographic image


(resfemrz) #1

According to Wikipedia, Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.
In Layman terms, it is possible to hide data in media file. I was wondering how to use steganography to hide the malware inside image or other file and execute it once the victim opens the image?

Any other effective ideas to execute malware on victim machines are also welcome?
Thank you.


Hi there,

Steganography was not designed for such purpose. I would advise you to do some researches about polyglot files. @fraq also published a nice article about it, worth reading.


(Full Snack Developer) #3

I wouldn’t call the technique I wrote about true stegonography, but it’s definitely a way to embed malicious code in an image and execute it.

(resfemrz) #4

That’s helpful…I will certainly check it out.

There is a term call Stegosploit (https://www.blackhat.com/docs/eu-15/materials/eu-15-Shah-Stegosploit-Exploit-Delivery-With-Steganography-And-Polyglots.pdf)
It is related to browser exploit, I thought someone must have done it with executable malware.

Anyway, thanks.