Computer researchers devised a proof-of-concept attack that uses steganography to establish covert malware channels on Instagram.
Steganography Can Poison Instagram with Malware
Instagram is not the most secure social network. New attack methods can abuse the service to deliver malware covertly. Endpoint researchers came up with a proof-of-concept attack scenario that can exploit a weakness in Mac OS X just by viewing an image on Instagram. The affected versions of the operating system are 10.11.5 and 10.11.6. The vulnerable user application is Microsoft Excel 2016 version 15.24.
Steganography is a technique for concealing images and text by inserting them into another object. It is one of the most widely used ways to hide important and sensitive information, and it is often combined with cryptography to offer secure protection.
The new scheme, known as “Instegogram”, is intended to demonstrate how a simple image can be used for malware purposes. The victims would download an Excel document with a malicious macro built in. Upon execution, the code communicates with specific infected Instagram accounts which download images with malicious steganographic contents. The payload is extracted from these files. This is the actual malware that allows remote attackers to execute commands on the victim machines.
The demonstration shows that the code can be inserted in such a way that it survives the image changes made by the app: compression, resizing and other types of transformation.
The application itself was built on Mac OS X as an uncertified app. To get it to run, the researchers bypassed the Gatekeeper mechanism, which blocks unsigned programs from running.
Apple has been notified of the issue and the company has released a security update to address it.
The researchers also point to several defensive measures that can be taken:
- Detection of malware code
- Limit access to third-party sites from the service
- Active network monitoring
- Android string detection
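
As an illustration of the active network monitoring measure applied to the scenario above, the following added example (not code from the researchers or from the original article) flags connections to the image service made by a document application or by a process it launched. The log format, the process names other than Microsoft Excel, the host list and the sample lines are all constructed assumptions.

```python
import re

# Assumption: hosts treated as "the service"; extend for your environment.
WATCHED_SUFFIXES = ("instagram.com", "cdninstagram.com")
# Assumption: document applications with no business reason to fetch from it.
DOCUMENT_APPS = {"Microsoft Excel", "Microsoft Word", "Microsoft PowerPoint"}

# Constructed log format: <timestamp> proc="..." parent="..." dst=<host> port=<n>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) proc="(?P<proc>[^"]+)" parent="(?P<parent>[^"]+)" '
    r'dst=(?P<dst>\S+) port=(?P<port>\d+)$'
)

def host_matches(host, suffixes=WATCHED_SUFFIXES):
    """Match on a DNS label boundary so 'notinstagram.com' is not a hit."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def parse(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def find_suspicious(lines):
    """Records where a document app, or a child of one, contacts a watched host."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than guessing at fields
        from_document_app = (rec["proc"] in DOCUMENT_APPS
                             or rec["parent"] in DOCUMENT_APPS)
        if from_document_app and host_matches(rec["dst"]):
            hits.append(rec)
    return hits

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    '2016-08-01T10:00:01Z proc="Safari" parent="launchd" dst=www.instagram.com port=443',
    '2016-08-01T10:02:17Z proc="Microsoft Excel" parent="launchd" dst=officecdn.example.net port=443',
    '2016-08-01T10:02:40Z proc="Microsoft Excel" parent="launchd" dst=www.instagram.com port=443',
    '2016-08-01T10:02:41Z proc="updater" parent="Microsoft Excel" dst=scontent.cdninstagram.com port=443',
    '2016-08-01T10:03:05Z proc="Microsoft Excel" parent="launchd" dst=notinstagram.com port=443',
    'garbled line without fields',
]

if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(f'{rec["ts"]} ALERT {rec["proc"]} (parent {rec["parent"]}) '
              f'-> {rec["dst"]}:{rec["port"]}')
```

The rule only looks one level up the process tree; a payload started further down the chain would need full process lineage from the endpoint telemetry.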