Blog

Rajib Singha
Stegosploit – A Technique that can Hack your PC Using Just an Image!
June 3, 2015

By merely looking at an image in your browser, you can infect your PC with a malware. Know how from the following post.

This_picture_may_hack_your_computer

Thanks to a technique called Stegosploit, a hacker can infect your system by simply making you load an image on the Internet. You don’t even have to click or download the image.

What is Stegosploit?
Stegosploit is a technique developed by Security researcher Saumil Shah. The researcher presented it at Hack in the Box Conference recently held in Amsterdam. Using this technique, hackers can embed a malicious code inside the pixels [a pixel is a single point in a graphic image] of an image. And once a user loads this image on their browser, the malware will get downloaded automatically. Pictures that carry such codes do not look any different from other images. This technique works for both JPEG and PNG images.

How was Stegosploit developed?
Shah was able to develop this technique using steganography – a primitive technique used since 1499 to transmit messages in a hidden form. A popular example of this technique is writing a secret message using an invisible ink in a letter having a visible, ordinary message. As Shah defines it, “Steganography hides the message in plain sight”.

So what does this mean?
It means that you may download a nasty virus on your system simply by viewing an image on your browser, without even clicking on it or downloading it.

Who are at risk?
The Stegosploit technique can affect Internet browsers that have unpatched security vulnerabilities.

Has Stegosploit been used in the wild?
There have been no reports which can evident the use of Stegosploit in the real world. But this does not mean that it won’t. It is also important to note that, using this technique, hackers can accomplish practically anything such as stealing the victim’s personal data, modifying files, opening a backdoor for other malware, etc.

Precautionary Measures to take
It is only a matter of time before hackers start using techniques such as Stegosploit to deliver malware. So, here are safety measures that one must take to prevent such attacks:

1. Use genuine and popular websites to view or download images.

2. Avoid clicking links in emails to view images; especially when it is from an unknown or unwanted source.

3. Keep your browsers, OS, and software patched and up-to-date.

4. Have a reliable antivirus software in your computer that blocks malicious sites, spam and infected emails.

To know more about this story from a technical point of view, please visit this link.

subscribe to blog button

Have something to add to this story? Share it in the comments.

Rajib Singha
About Rajib Singha
Rajib is a Physics graduate and a technology enthusiast. Besides having a keen interest in the latest gadgets, he is also into IT security and all that it...
Articles by Rajib Singha »

93 Comments

Your email address will not be published.

CAPTCHA Image

  1. sourav bhakatJune 3, 2015 at 9:54 PM

    i luv quick heal

    Reply
  2. Mirza Naveed BaigJune 4, 2015 at 10:41 AM

    Thanks for inform.

    Reply
  3. I’ve quickheal pro 16:00. Am I protected or not ?

    Reply
  4. hE hE hE
    Ekdum SuNdAr Haabe…!

    Reply
  5. Avinash ShuklaJune 4, 2015 at 3:41 PM

    I wish to share this on my facebook page. Please notify if this can be done freely or if there are any conditions, please let me know.

    Reply
  6. Avinash ShuklaJune 4, 2015 at 3:55 PM

    I wish to share this on my facebook page. Please give permission to do so or if there are any conditions please give them too.

    Reply
  7. Chanolian SatheendranJune 4, 2015 at 4:00 PM

    THANKS FOR THIS VALUABLE INFORMATION. I JUST LOVE TO HEAR FROM QUICK HEAL ABOUT THE RECENT DEVELOPMENT.

    Reply
  8. BhupendraJune 4, 2015 at 4:28 PM

    Thank’s for Information.

    Reply
  9. BhupendraJune 4, 2015 at 4:29 PM

    Thank’s for Info.

    Reply
  10. A 14th century technology can be so powerfullly harmful is a real eye opener. Loads of thanks for keeping us informed & on our toes.

    Reply
  11. thanks for the great information

    Reply
  12. Thanks quick heal

    Reply
  13. dharmveerJune 4, 2015 at 5:12 PM

    thanks for info

    Reply
  14. Thank,s for info

    Reply
  15. Thanxx Qick HealJune 4, 2015 at 5:40 PM

    I have purchased Quick Heal recently but my problem is not yet solved by quick heal from my computer…i am unable to use any external hard disk through my computer

    Reply
  16. Bhupendra JoshiJune 4, 2015 at 5:54 PM

    Very useful. Thanks for information

    Reply
  17. Nirmal ParekhJune 4, 2015 at 7:00 PM

    Thanks Quickheal for the updates.

    Reply
  18. Can I tweet this on twitter?

    Reply
  19. Usefull information. Thanks

    Reply
  20. Ruchi DesaiJune 4, 2015 at 7:31 PM

    Thanks For sharing information.

    Reply
  21. pranveer singhJune 4, 2015 at 7:34 PM

    Thanks !

    Reply
  22. Thanks for the message

    Reply
  23. Santosh KewatJune 4, 2015 at 8:14 PM

    Dear Sir,

    Will you please help me to remove Recycler Virus because as I think Quick Heal Total Security x64 not working on my Windows 8.1 Enterprises x64 machine.

    But Quick Heal Hides that folder which is Created by the Recycler Virus Like System Information folder which will become visible if we are uninstalling quich heal or browsing our folder via some other software’s like File Zilla FTP Software even if QHTS already on your machine.

    Reply
  24. Manohar GajpallaJune 4, 2015 at 8:27 PM

    Thanks Quick Heal Team for safety bulletins. I feel safe with U.

    Reply
  25. Subhra KantiJune 4, 2015 at 9:36 PM

    thanks for suggestion

    Reply
  26. Many thanks QuickHeal for this new info which you sent real QUICK !

    Please can you try to get rid of all sorts of HACKERS from the INTERNET ?

    If yes, then CONGRATES. If No, then Why ?

    Regards

    Reply
  27. Shibu JohnJune 4, 2015 at 10:33 PM

    Absolutely eye opening info. Hats off to Quick Heal Engineers.

    Reply
  28. Arunava ChakrabartyJune 4, 2015 at 10:58 PM

    thank you for informing…

    Reply
  29. Shailendra ChariJune 4, 2015 at 11:02 PM

    This seems to be really dangerous. Can Quick Heal detect it and stop it from harming my PC. Please also tell me how to check if any website or e-mail message is safe to open and download.

    Reply
    • Hi Shailendra,

      Since Quick Heal automatically blocks infected sites, spam and malicious emails, chances are rare that you will come across such images.

      Regards,

      Reply
  30. Jason SilvaJune 4, 2015 at 11:16 PM

    @Rajib Singha,
    Why you are promoting users to click on that FB page?
    Th page is looking like phishing age, not really looking original. Sorry, but I told what I think.
    I would like to share it on FB but I will share the link.

    Reply
  31. I just want to download a free tally erp 9… i thought i am downloading tally, after 7 % downloading, i got suspicious about this software (tally). i suddenly stopped using task manager, because there is no options for close and abort the software installations. after that i have to remove so many software from control panel becoz suddenly a few unknown and unrequited software installed automatically. after that my google crone getting problem with crashed. while also i play chess in chess.com… a new tab open automatically and redirect to another page.

    after that i thought i should have a antivirus. i already bought kaspersky pure total security, but i don’t use bcoz when i use kaspersky, my system getting too slow. at task manager shows 100% disk usages.
    now i am using quick heal, after that i come to know, i am also a part of this malicious victim in my computer.

    a many many thanks to quick heal…
    everybody already come to knows that how i satisfied with quick heal. bcoz i write such long comment… 😛

    Reply
  32. Shaheena SheikhJune 5, 2015 at 6:28 AM

    I had already subscribed Quick Heal Total Security both in my laptop and my PC. I really safe…

    Reply
  33. R hemmadiJune 5, 2015 at 8:55 AM

    Does quickheal has safety against these images?

    Reply
  34. Sometimes, I am unable to update guardian antiVirus software online. Though, i have submitted system report to support team, problem not solved till date.

    Reply
  35. I am unable to update my guardian antivirus. Though i have submitted system report to support team, problem not solved till date.

    Reply
  36. thanks quick heal

    Reply
  37. meet hiraniJune 5, 2015 at 11:10 AM

    quick heal is make seedy my pc so i very like quick heal

    Reply
  38. i luv quick heal

    Reply
  39. K K ReddyJune 5, 2015 at 2:04 PM

    Yeomen service from QH. Thank you

    Reply
  40. We have quick heal internet security, will it work?

    Reply
  41. MAYURESH K KULKARNIJune 5, 2015 at 3:11 PM

    Thanks a lot for giving such valuable information!!!!!
    Sir, actually I have some query that I have installed quick heal on my mini laptop. Instead I went through once malware scan and it showed me there are malwares(adwares) on my computer system. So how is this possible? Also, if I clicked on the clean option will my affected files be safe? There is option set restore point before cleaning should I use this?
    Please guide me sir.
    THANKS.

    Reply
    • Hi Mayuresh,

      Thank you for writing in. Please rest assured that Quick Heal is protecting your system from all types of infections. We request you to get in touch with our Support Team so that they can help you solve this issue:

      1. You can submit your query at http://bit.ly/Askus. The team will get back to you with a solution.
      2. You can also contact them at 0-927-22-33-000.
      3. Alternatively, you can chat with our engineers by visiting this link >> http://bit.ly/QHSupport >> Chat with Us

      Regards.

      Reply
  42. M.J.BashaJune 5, 2015 at 5:52 PM

    Quickheal Xlent working Tnqu Quickheal Teem….

    Reply
  43. asok mukherjeeJune 5, 2015 at 6:04 PM

    thanks, I have quickheal.

    Reply
  44. Quickheal The Best.
    Thanks for informing about this Virus 🙂

    Reply
  45. JONY MALIKJune 6, 2015 at 7:53 AM

    THANK YOU SIR
    FOR SHARING INFORMATION AMONG THE PEOPLE..

    Reply
  46. ManasH SaikiAJune 6, 2015 at 10:53 AM

    I have Quick Heal Total Security 2015 PRO. I hope i will get protect….

    Reply
  47. Anop rajpurohitJune 6, 2015 at 1:20 PM

    wander ful

    Reply
  48. santoshkumar shuklaJune 6, 2015 at 2:35 PM

    thanks for information….thanks quick heal team.

    Reply
  49. vrajesh soniJune 6, 2015 at 4:56 PM

    i have quick heal total security.i hope i will protect.am i safe or not with quick heal total security?

    Reply
  50. I downloaded old version antivirus 14.00 version but I could not upgrade to 2015 version so how can I update without downloading I am using old version

    Reply
  51. I liked your antivirus Sir so please upgrade to latest version before downloading

    Reply
  52. shudhansu baghelJune 6, 2015 at 8:29 PM

    my pc is very slow pls solv my pro…..

    Reply
  53. SiddharthJune 6, 2015 at 9:01 PM

    thx for such important info .can you do me a favor ?are kickass torrents and torrentz torrents are safe to download? if not ,please tell me a safe torrent website .

    Reply
    • Hi Siddharth,

      All torrent sites are safe. However, it is the torrents themselves that may or may not be safe. Before downloading a torrent, read the comments about it and see who it is uploaded by. Follow some safety mechanisms before you actually download something. And remember, do not download pirated content as this is illegal.

      Regards.

      Reply
  54. Girish MacwanJune 6, 2015 at 11:37 PM

    I am using Quick Heal Pro.When I starts my system every time there is a massage shows that a specious affected your system/app data/run/……… cleaned.I am doing boot time scan too.How can I remove that virus.

    Reply
    • Hi Girish,

      Thank you for writing in. Please rest assured that Quick Heal is protecting your system from all types of infections. We request you to get in touch with our Support Team so that they can help you solve this issue:

      1. You can submit your query at http://bit.ly/Askus. The team will get back to you with a solution.
      2. You can also contact them at 0-927-22-33-000.
      3. Alternatively, you can chat with our engineers by visiting this link >> http://bit.ly/QHSupport >> Chat with Us

      Regards.

      Reply
  55. arup patraJune 7, 2015 at 2:04 AM

    sir, my computer is effected by stegosploit. so what can i do on that time

    Reply
    • Hi Arup,

      Thank you for writing in. Please rest assured that Quick Heal is protecting your system from all types of infections. We request you to get in touch with our Support Team so that they can help you solve this issue:

      1. You can submit your query at http://bit.ly/Askus. The team will get back to you with a solution.
      2. You can also contact them at 0-927-22-33-000.
      3. Alternatively, you can chat with our engineers by visiting this link >> http://bit.ly/QHSupport >> Chat with Us

      Regards.

      Reply
  56. thanks for alertness

    Reply
  57. thx to inform us

    Reply
  58. SATNAMSINGHJune 7, 2015 at 10:08 AM

    i love q heal

    Reply
  59. bishnupada hembramJune 7, 2015 at 1:03 PM

    thanks you.

    Reply
  60. bishnupada hembramJune 7, 2015 at 1:07 PM

    quick heal is make seedy my pc so i very like quick heal

    Reply
  61. Subrat KaranJune 7, 2015 at 1:19 PM

    Sir,
    by installing antivirus we are safe from all virus or the one which is in its definition only those we are safe from

    Reply
    • Hi Subrat,

      The answer to this is only the viruses which are in the definition database. However, these databases are updated regularly and quickly on a global scale. So it is effective. Quick Heal even has advanced DNAScan, which recognizes abnormal behavior and raises a flag even when the definition databases are not updated with a newly released virus.

      Regards.

      Reply
  62. i hv updated the latest version of quick heal….bt its showing now that it is out of date….what should i do

    Reply
    • Hi Nikhil,

      Even though you may have the latest version of Quick Heal, you need to update the virus database on a daily basis (or whenever the updates are available). If this is not done, you will continue to see the ‘out of date’ message on your dashboard.

      Regards.

      Reply
  63. k v kartikJune 7, 2015 at 10:09 PM

    Hi rajib i appreciate Quick Heal’s attempt to help your customers up to date with the security threats. I am having trouble while surfing on the net in my mobile(android lollipop) or iPad , which ever link I click i get re directed to adsmatte.com I’ve deleted all cookies and history of the browser but the problem persists. This happens even on my laptop if I don’t use quick heal browser. I’ve scanned my laptop and my mobile but no use what should i do?

    Reply
  64. Benoy KurianJune 8, 2015 at 9:42 AM

    When is the Expiry of QH Internet Security

    Reply
  65. Subrat KaranJune 9, 2015 at 7:03 PM

    I HAVE INSTALLED QUICK HEAL TOTAL SECURITY ON MY LAPTOP BUT WHEN I PERFORM THE SCAN WITHOUT DOING ANYTHING THE AFTER THE SCAN IS FINISHED WHEN I GO TO SHUT DOWN IT TAKES LONGER TIME AS USUAL . IT ONLY OCCURS AFTER THE TIME OF IDEAL FULL SYSTEM SCAN.

    Reply
  66. i want to buy free

    Reply
  67. ANEET KUMARJune 12, 2015 at 4:54 PM

    Thanks,
    Quick heal techologies is the better anti virus

    Reply
  68. SWAGATA DASGUPTAJuly 1, 2015 at 8:43 PM

    I have Quick Heal Internet Security 15.00.Am i protected or not?

    Reply