The digital version of this technique lets attackers insert stolen information into the code of an image or video to avoid detection.

Steganography is not a modern technique. It has long been used to hide messages in images. But now it is being given a renewed use.

The security firm Kaspersky Lab warns about the digital version of this technique. Cybercriminals are using it more and more to hide their malicious activity, whether for cyber-espionage or to obtain financial information. The trend is “worrisome” because steganography is being adopted not only by the most advanced hackers but also by common criminals. Kaspersky Lab has found traces of it in updated versions of trojans such as Zerp, ZeusVM, Kins, or Triton.

“Although this is not the first time that we have witnessed a malicious technique, originally used by sophisticated threat actors, find its way into the mainstream malware landscape, the case of steganography is especially important”, says Alexey Shulmin, a security researcher at Kaspersky Lab.

“So far”, says Shulmin, “the security industry has not found a way to reliably detect data exfiltration carried out in this way”. The stolen information is inserted into the code of a picture or video to be sent to the command and control server. Despite the modification, the image does not change visually, and most of its parameters are preserved.

“The images used by attackers as a transport tool for stolen information are very large, and although there are some algorithms that could automatically detect the technology, their large-scale implementation would require tons of computational power and would have a prohibitive cost”, continues Alexey Shulmin.

This expert adds that “it is relatively easy to identify an image ‘loaded’ with stolen sensitive data with the help of manual analysis. However”, he adds, “this method has limitations, because a security analyst would only be able to analyze a very limited number of images per day”.

“Maybe”, Kaspersky Lab concludes, “the answer is a mixture of the two” methods of detection.