Hiding In Plain Sight – Steganography and Polyglot Files

What Is Steganography

Steganography is the ancient practice of hiding a secret message in plain sight. You might have dabbled in some steganography as a kid without realizing it. Have you ever tried to write a message in invisible ink? That is a form of steganography. Modern-day steganography often involves hiding something within a computer file. One example would be putting a hidden message inside an image file and sending it to a friend. If anyone else saw the file, they would only find an image of you on vacation. Your friend could use a steganography application to see the hidden message. This process is not to be confused with cryptography. Unlike with cryptography, steganographic messages are readable to anyone with the tools to find them. Cryptography, on the other hand, makes the message unreadable to outside parties by scrambling it.

Another tool for hackers

Of course, if we are talking about steganography then there must be a dark side to it. Hackers have abused steganography to hide malware inside of messages. Malicious scripts can be embedded into otherwise innocent files, and they will run as soon as you open them. Microsoft Office files are particularly vulnerable to these types of attacks through macros. Macros are a series of commands used to automate tasks. Hackers can customize the macros to deliver malware when a user interacts with the file in any way.

Polyglot files are another tool of steganography that can be exploited. Polyglot files are files that are valid as more than one file type at the same time. For example, the file can be both a JPEG image and a ZIP archive. Because of this, it can be opened by image viewing applications even though it also holds an archive of Microsoft Word documents. This can be interesting for hiding messages, but it can also be dangerous in the hands of malicious actors. Hackers might instead create a file that is both a JPEG and a JavaScript file, aiming to execute malicious code when it’s opened.
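The JPEG-and-ZIP case described above can be checked for on the defensive side. The following Python sketch is an added example, not code from the original post: it flags a file that starts with JPEG markers and also opens as a ZIP archive, and reports where the archive begins. The function names, the sample bytes and the member name `note.txt` are constructed for illustration.

```python
import io
import zipfile

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first segment byte
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def inspect_polyglot(data: bytes) -> dict:
    """Report whether the bytes parse as both a JPEG and a ZIP archive."""
    is_jpeg = data.startswith(JPEG_SOI)
    try:
        # ZIP readers locate the archive from the end of the file, so an
        # archive appended after image data still opens normally.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        infos = None
    is_zip = infos is not None
    # Offset of the first ZIP entry = amount of non-archive data in front of it.
    zip_offset = min((i.header_offset for i in infos), default=None) if is_zip else None
    return {
        "jpeg": is_jpeg,
        "zip": is_zip,
        "polyglot": is_jpeg and is_zip,
        "zip_offset": zip_offset,
        "members": [i.filename for i in infos] if is_zip else [],
    }

def build_sample() -> bytes:
    """Constructed sample: minimal JPEG markers with a ZIP archive appended."""
    jpeg = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed test content")
    return jpeg + buf.getvalue()

if __name__ == "__main__":
    print(inspect_polyglot(build_sample()))
```

A check that looks only at the first bytes of a file, or at its extension, would classify this sample as an image. Parsing it as each candidate format is what reveals the second identity.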

Always be aware of threats

The major takeaway here is to always be mindful of the files you interact with. Only download files from trusted sources. Think twice before you save or share that funny meme you saw on Twitter. It could be infected with malware and you might be helping it spread. Also, leave Microsoft Office documents that you find online in protected mode. Simply clicking “enable editing” could be enough to execute a malicious script and infect your machine.
