There’s a hacking method out there you may not be aware of which can best be explained with the following two seemingly identical images:
One of them is a photo of a kitten, and one of them is a photo of a kitten with the first book of the Iliad encrypted in it (upload the second photo here to decode it if you don’t believe it). How? Via one of the sneakier methods that can be used to hack into your computer. Welcome to steganographic hacking.
What is steganography?
Steganography is a technique for hiding information inside an innocuous-looking carrier so that the fact anything is being transmitted at all escapes notice; it is specifically designed to escape scrutiny. Steganography itself has been used for centuries to transmit secret communications, but it is a recent addition to the tools in a hacker’s arsenal.
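To make the kitten example concrete, here is an added illustration (not code from the original post) of the simplest image technique, least-significant-bit (LSB) hiding: a text payload is written into the low bit of each pixel, recovered again, and the before/after images are compared. The carrier is a constructed 8-bit grayscale pixel buffer standing in for a photo, the payload is a constructed line of text, and all function names are hypothetical. The last function shows the defender's side: the picture is visually unchanged, but a simple histogram statistic still shifts.

```python
import random

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Write a 4-byte length prefix plus payload, one bit per pixel, into each pixel's low bit."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("carrier too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # only the low bit changes: a pixel moves by at most 1
    return bytes(out)

def extract_lsb(pixels: bytes) -> bytes:
    """Read the length prefix, then that many payload bytes, back out of the low bits."""
    def read_bytes(count: int, offset: int) -> bytes:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (pixels[offset + i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(4, 0), "big")
    return read_bytes(length, 32)           # payload starts after the 32 prefix bits

def max_pixel_delta(a: bytes, b: bytes) -> int:
    """Largest per-pixel change between two images; 1 is invisible to the eye."""
    return max(abs(x - y) for x, y in zip(a, b))

def pov_skew(pixels: bytes) -> float:
    """Pairs-of-values statistic: |count(2k) - count(2k+1)| summed over k, per pixel.
    Untouched images tend to have uneven pairs; embedding arbitrary bits evens them out."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    return sum(abs(hist[2 * k] - hist[2 * k + 1]) for k in range(128)) / len(pixels)

def make_carrier(n: int = 4096, seed: int = 1) -> bytes:
    """Constructed stand-in for a photo: a slow gradient whose low bit is mostly 0."""
    rng = random.Random(seed)
    return bytes(((i // 32) % 128) * 2 + (1 if rng.random() < 0.2 else 0) for i in range(n))

def demo() -> dict:
    carrier = make_carrier()
    payload = (b"Sing, O goddess, the anger of Achilles son of Peleus. " * 8)[:400]  # constructed text
    stego = embed_lsb(carrier, payload)
    return {"recovered": extract_lsb(stego) == payload,
            "max_delta": max_pixel_delta(carrier, stego),
            "clean_skew": pov_skew(carrier), "stego_skew": pov_skew(stego)}

if __name__ == "__main__":
    print(demo())
```

The same idea scales to any carrier whose low bits a viewer cannot perceive; the skew statistic is only a crude hint, and real detection tooling combines several such measures.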
How is it used for hacking?
Since steganographic hacking is more concept than methodology, there’s no one specific avenue of attack, but some of the examples out there are downright devious.
Vawtrak Favicon Malware:
Favicons are those tiny little icons for websites that appear in your browser tabs (this site has one too). They’re unassuming, but a favicon is also automatically downloaded to your computer by your browser, which made it a golden opportunity for hackers in 2015 via a variant of the Vawtrak malware. The hack hid, inside favicons, software that monitored web browser data, stole passwords, and accessed update files on remote servers; all the data required for these hacks was hidden in a 16×16 pixel image.
Stegano Banner Hack:
In 2016, millions of web users saw a relatively innocuous-looking banner for a browser defense tool called Broxu. Unbeknownst to them, they were being exposed to a nasty hack rather unimaginatively called Stegano.
Instead of passively displaying an easy-to-ignore banner ad, the banner was programmed to look specifically for Internet Explorer users who hadn’t yet updated their Flash player. Once it found one, the exploit invisibly downloaded keystroke-logging software. This hack was especially dangerous because it didn’t require victims to do anything and was spread across some of the web’s biggest online advertisers. The authors were even cagey enough not to have the ad deploy in virtual browsers, which cybersecurity firms often use to identify malware in the wild.
REDBALDKNIGHT:
In 2017, several Japanese businesses found themselves hacked with a one-two punch: computers were first compromised with spear-phishing emails that were lightweight enough to avoid most detection. These emails installed Daserf, a Trojan-style malware that has been in circulation since at least 2011. The compromised computer would then download a second-stage attack steganographically hidden within an image, bypassing network firewalls and establishing a command-and-control channel that gave the hackers full access to the infected machine. The hacker group responsible, called REDBALDKNIGHT, is assumed to be based in China, and specifically targeted Japanese systems holding data relating to defense, biotech, and electronics.
Is my computer doomed?
Not exactly. For the time being, most steganographic attacks either exploit known vulnerabilities in software that hasn’t been updated with the latest patches, or they are follow-up attacks on machines that have been penetrated via phishing or watering-hole style hacks. Nothing is 100 percent safe, but keeping your software up-to-date and using a combination of robust malware protection software and common sense would ideally stop the worst of it. Ideally.
One important take-away: steganographic attacks prey on a common misconception: that browsing the web on familiar sites is de facto safe because the content is on a web server and not your local machine. Keep in mind: in order to view any content on the web, be it text, images, or videos, you are actually downloading a temporary copy of those files to your computer, any of which could be hiding instructions from a remote attacker. Bottom line: The internet’s getting more dangerous and hackers are constantly getting more sophisticated in their methods. Act accordingly.