Malware that utilizes Exchangeable Image File Format (EXIF) data to shroud its code has moved to another stage: GoogleUserContent locales, for example, Google+ and blogger forums.
Using this technique, as observed on Pastebin and GitHub, hackers install code inside transferred and uploaded pictures – a stealthy approach, since pictures are rarely examined for malware, analysts at Sucuri said on Thursday.
These contents can weaponize the site by transferring a predefined web shell and thus, building up backdoor access. Afterward attackers can email the addresses of effectively abused destinations back to them. The persistance to attack this way Google makes the issue inescapable.
This sort of malware infection (a type of steganography) is possible to execute on any website with downloadable pictures, not simply destinations that were created inside the GoogleUserContent framework. Notwithstanding, the migration of the method to Google is a more serious issue, for two reasons: Google pictures are downloaded in massive numbers, it’s harder to report any uncovered malware diseases inside that framework, as indicated by Securi.
Fortunately this system is difficult to create on a mass level – widespread site infections would require automation and the precise misuse of vulnerabilities on a particular site.
Kali Linux for Raspberry Pi 4 Relased
Offensive Security just introduced Kali Linux for Raspberry Pi 4, completely upgraded and re-engineered. This is the first model with…
Magic Eye Enables Robots To Improve Their Object Discovering Capacity
Another MIT-created procedure empowers robots to rapidly distinguish items covered up in a three-dimensional haze of information, reminiscent of how…
3 Cybersecurity Conferences of 2019 You Must Attend
As we know security takes a team, and it’s a journey. Boost your security approach by networking and knowledge sharing. Defcon When: 9-11 August, 2019…
Macrocomm announced as sponsor of IoT Forum Africa 2019
Macrocomm has been announced as a Bronze Sponsor of the Internet of Things Forum Africa 2019. This year, IoT Forum…