By merely looking at an image in your browser, you can infect your PC with a malware. Know how from the following post.
What is Stegosploit?
Stegosploit is a technique developed by Security researcher Saumil Shah. The researcher presented it at Hack in the Box Conference recently held in Amsterdam. Using this technique, hackers can embed a malicious code inside the pixels [a pixel is a single point in a graphic image] of an image. And once a user loads this image on their browser, the malware will get downloaded automatically. Pictures that carry such codes do not look any different from other images. This technique works for both JPEG and PNG images.
How was Stegosploit developed?
Shah was able to develop this technique using steganography – a primitive technique used since 1499 to transmit messages in a hidden form. A popular example of this technique is writing a secret message using an invisible ink in a letter having a visible, ordinary message. As Shah defines it, “Steganography hides the message in plain sight”.
So what does this mean?
It means that you may download a nasty virus on your system simply by viewing an image on your browser, without even clicking on it or downloading it.
Who are at risk?
The Stegosploit technique can affect Internet browsers that have unpatched security vulnerabilities.
Has Stegosploit been used in the wild?
There have been no reports which can evident the use of Stegosploit in the real world. But this does not mean that it won’t. It is also important to note that, using this technique, hackers can accomplish practically anything such as stealing the victim’s personal data, modifying files, opening a backdoor for other malware, etc.
Precautionary Measures to take
It is only a matter of time before hackers start using techniques such as Stegosploit to deliver malware. So, here are safety measures that one must take to prevent such attacks:
1. Use genuine and popular websites to view or download images.
2. Avoid clicking links in emails to view images; especially when it is from an unknown or unwanted source.
3. Keep your browsers, OS, and software patched and up-to-date.
4. Have a reliable antivirus software in your computer that blocks malicious sites, spam and infected emails.
To know more about this story from a technical point of view, please visit this link.