What is steganography? A complete guide to the ancient art of concealing messages Ben Dickson 06 February 2020

Hidden secrets laid bare



Steganography, the practice of hiding information, has been around for centuries. And in parallel to technological advances, steganography has also evolved and adapted with the advent of computers and the internet.

Digital steganography usually involves hiding data inside innocuous files such as images, videos, and audio.

Today, digital steganography is one of the important components in the toolboxes of spies and malicious hackers, as well as human rights activists and political dissidents.
What is steganography?

Steganography is the use of various methods to hide information from unwanted eyes. In ancient times, steganography was mostly done physically.

The oldest documented case of steganography dates to 500 BC, in which Histiaeus, the ruler of Milteus, tattooed a message on the shaved head of one of his slaves and let the hair grow back. He then sent the slave to the Aristagoras, his son-in-law, who shaved the slave’s head again and revealed the message.

In the centuries that followed, more modern forms of steganography were invented, such as invisible inks. Today, steganography has moved to the digital world.

“Steganography by definition is the hiding of one file within another,” says Ira Winkler, lead security principal at Trustwave.
How does steganography work?

Steganography works by hiding information in a way that doesn’t arouse suspicion. One of the most popular techniques is 'least significant bit (LSB) steganography. In this type of steganography, the information hider embeds the secret information in the least significant bits of a media file.

For instance, in an image file each pixel is comprised of three bytes of data corresponding to the colors red, green, and blue (some image formats allocate an additional fourth byte to transparency, or ‘alpha’).

LSB steganography changes the last bit of each of those bytes to hide one bit of data. So, to hide one megabyte of data using this method, you’ll need an eight-megabyte image file.

Since modifying the last bit of the pixel value doesn’t result in a visually perceptible change to the picture, a person viewing the original and the steganographically modified images won’t be able to tell the difference.




Steganography is the practice of hiding of one file within another




The same scheme can be applied to other digital media (audio and video), where data is hidden in parts of the file that result in the least change to the audible or visual output.

Another less popular steganography technique is the use of word or letter substitution. Here, the sender of the secret message hides the text by distributing it inside a much larger text, placing the words at specific intervals.

While this substitution method is easy to use, it may also make the text look strange and out of place, since the secret words might not fit particularly well into their target sentences.

There are other types of steganography, such as hiding an entire partition on a hard drive, or embedding data in the header section of files and network packets. The effectiveness of these methods depends on how much data they can hide and how easy they are to detect.
Who uses steganography?

Malicious hackers use steganography for a variety of tasks such as hiding malicious payloads and script files. Malware developers often use LSB steganography to hide the code for their malware in images of celebrities and famous songs and execute them with another program after the file is downloaded on the victim’s computer.

“The term ‘Trojan Horse’ is used to describe a dangerous file hidden within a harmless file. Macro attacks are a form of steganography as well,” Trustwave’s Winkler says.

“Steganography will be used by creative hackers whenever there is a need to bypass protections.”

Cybercriminals, however, are not the only actors who use steganography on a daily basis. Spies use the technique to communicate with their command center without arousing suspicion among their hosts.

Tech-savvy human rights activists and dissidents also use steganography when they want to send sensitive information.




Steganography is used by everyone from human rights activists to cybercriminals
Differences between steganography and cryptography

Steganography is often compared to cryptography. While steganography hides information, cryptography focuses on rendering the data unreadable to everyone except its intended recipient. Once a stream of data is encrypted, only a person who has access to its decryption key will be able to unlock it.

But if cryptography provides better protection for secret data, why use steganography at all?

The presence of cryptography reveals that something is hidden, and in many cases, this is enough to get the sender in trouble.

“In a highly monitored country, like say China or Iran or North Korea, cryptographic files can be detected and the very fact you are sending/receiving them could raise suspicion,” says security researcher John Ortiz.

“When they show up and put a gun to your head for the key, even the most secure crypto is worthless.”

Sometimes, steganography and cryptography are used together.

“Steganography and encryption are not actually mutually exclusive,” says Jerome Segura, director of threat intelligence at Malwarebytes. “The former is mainly a way to conceal data within an image file, but that data doesn’t have to be in clear text either.”

Segura and researchers at Malwarebytes have been recently investigating a case where attackers were using image-based steganography to hide encrypted data. Even if someone discovers the hidden data, they will still need to decrypt it to reveal its contents.
When do malicious hackers use steganography?

“Steganography, as any other obfuscation method, is a way the bad actor will use to keep their malicious code hidden for as long as possible,” says Fioravante Souza, threat research manager at Sucuri. “By embedding malicious code inside benign file types, the hackers increase their chances of getting past threat detection tools and security analysts.

“Such a stealth method makes it harder for security products to detect and protect against the threats that use them. Antivirus products do not usually scan for non-executable file headers (such as sound files, images),” says Ophir Harpaz, a security researcher at Guardicore.

In several cases, the attackers used steganography to hide their malware in images uploaded on social media networks and then used a local tool to download them onto the victims’ computers.

But the use of steganography in cyberattacks is not without its hurdles. “The key challenges with steganography in terms of malware or storing data is that the file size increases. For large amounts of data, it becomes easy to spot. But when it’s not, it becomes more troublesome to find,” says Cesar Anjos, an analyst at Sucuri.


Recent examples of steganography

Detecting steganography can be very tricky, but recent examples of steganography detected in malicious attacks include:
January 2020: Researchers at Malwarebytes reported credit card skimmer code hidden in image files in compromised e-commerce websites.
January 2020: Researchers at Guardicore Labs discovered a cryptominer that was hidden inside WAV audio files.
August 2019: Researchers at TrendMicro find a new variant of keylogger and cryptocurrency stealer malware LokiBot which uses steganography to hide its malicious code inside a jpeg file.
April 2019: a former GE engineer was charged with economic espionage. The employee had encrypted files containing GE’s proprietary information and hidden them in a photo of a sunset.
February 2019: researchers at ad fraud prevention firm Devcon discovered a malvertising campaign using steganography to hide malicious JavaScript code.
December 2018: Malicious actors used steganography to hide malicious code in Twitter memes.
Last updated: February 2020


How to detect steganography

The practice of detecting steganography is called ‘steganalysis’. There are several tools that can detect the presence of hidden data such as StegExpose and StegAlyze. Some analysts use other general analysis tools such as hex viewers to detect anomalies in files.

Finding files that have been modified through steganography continues to remain a challenge, however. For instance, knowing where to start looking for hidden data in the millions of images being uploaded on social media every day is virtually impossible.

“The data looks like/sounds like noise, so it is difficult to distinguish from the existing noise. Or it is in very little data,” Ortiz says. “And there are so many different hiding techniques that you need multiple detection techniques to detect them – there is no one-size-fits-all”

Guardicore’s Harpaz warns: “Threat actors have a decent arsenal of steganography techniques they use as part of their modus operandi – it is not a new trend. As our research shows, it remains in the wild to this day and is not likely to disappear.”

Adposhel adware takes over browser push notifications administration

ADWARE
Adposhel adware takes over browser push notifications administration

Posted: February 6, 2020 by Pieter Arntz


Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the administrator level.
What does Adposhel adware do?

The adware uses Chrome policies to ensure that notification prompts will be shown to users ands add some of its own domains to the list of sites that are allowed to push browser notifications. So far nothing new. The recent twist, however, is that Adposhel enforces these settings as an administrator, meaning a regular Chrome user will not be able to change the settings in the notifications menu.

It seems the adware family has now decided to fully deploy this tactic, as we are seeing complaints about it emerging on forums, such as Reddit.

Victims have complained about being unable to remove domains from the list of domains that are allowed to show push notifications, and being unable to change the setting that control whether websites can ask you to allow notifications.

Disabling that setting would stop a user from seeing prompts like these:


If a user were to click Allow on that prompt, this domain would be added to their allowed list of URLs, with the understanding that it could be removed manually in the notifications menu.

Adposhel uses the NotificationsAllowedForUrls policy to block users from removing their entries from the Allow list.

Where you would normally see the three dots (ellipsis) menu icon representing the settings menu, entries submitted to a policy by Adposhel will see an icon telling you the setting is enforced by an administrator.


If you hover over the icon, the accompanying text confirms it.

How do I undo the changes made by Adposhel adware?

This does not mean that you can change that setting just because you are the administrator of the system you are working on, by the way. But if you are the system administrator, you can fix the notification changes made by the Adposhel installer by applying a simple registry fix:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] "DefaultNotificationsSetting"=dword:00000001 [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\NotificationsAllowedForUrls]


This is safe to do unless there were legitimate URLs in the list of URLs that were allowed to show notifications by policy, which I doubt. But we always advise to create a backup of the registry before making any changes.

Backing up Registry with ERUNT

Modifying the registry may create unforeseen results, so we always recommend creating a backup prior to doing that.

Please download ERUNT and save the file to the desktop.
Install ERUNT by following the prompts, but say No to the portion that asks you to add ERUNT to the startup folder.
Right-click on the icon and select Run as Administrator to start the tool.
Leave the default location (C:\WINDOWS\ERDNT) as a place for your backup.
Make sure that System registry and Current user registry are ticked.
The third option Other open users registries is optional.
Press OK to backup and then press YES to create the folder.

This tool won’t generate a report. You may uninstall it after you’re done cleaning.
Protection and detection

Malwarebytes detects the installers as Adware.Adposhel.


The URLs enforced by this Adpohel-induced Chrome policy are detected as Adware.ForcedNotifications.ChrPRST.
IOCs

Domains:aclassigned.info chainthorn.com cityskyscraper.com concreasun.info dimlitroom.com durington.info efishedo.info enclosely.info insupposity.info nineteducer.info oncreasun.info parliery.info qareaste.info stilysee.info suggedin.info


Stay safe, everyone!

Free software download sites can be dangerous.

Free software download sites can be dangerous. Visiting a bad site could end up with you smothered in fake download buttons and fake virus and malware warnings, which are usually malware in disguise.


A good internet security suite can protect you against malware-loaded downloads, but it’s better to avoid such free download sites altogether. Stick to tried-and-true sites that are committed to being free of malware and deception.

In addition to personal experience, we used these tools for check website reputations and build our list of the best software download sites:

Web of Trust
URLVoid

In order for a website to qualify for this list, it had to score at least 90% with Web of Trust and 35/36 with URLVoid. No site can ever be 100% safe, but these download sites are generally clean and worthwhile.
1. Ninite



WOT Trustworthiness: 94%
URLVoid Rating: 36/36


For those who don’t know about Ninite, it’s quite simple: the website presents you with a list of programs that you can select, then lets you download a custom installer file that bundles all of the selected programs together so you can install them in bulk.How To Install & Uninstall Windows Programs In Bulk How To Install & Uninstall Windows Programs In BulkA mass installer or uninstaller can save you heaps of time. Remember the last time you set up a new computer? We are going to teach you how to do these tasks in a flash.READ MORE

Ninite is known for its safety and security, so you don’t have to worry about malware or bundled bloatware and junkware. Run the same installer file at a later time and Ninite will automatically update every program.

This is a great tool to download the best Windows software.The Best PC Software for Your Windows Computer The Best PC Software for Your Windows ComputerWant the best PC software for your Windows computer? Our massive list collects the best and safest programs for all needs.READ MORE
2. Softpedia




WOT Trustworthiness: 93%
URLVoid Rating: 36/36

Softpedia is arguably the largest file host on the web, complete with over 850,000 files in its database. Hundreds of them are updated every single day, so not only can you get clean and malware-free programs, but you can be sure that they are as recent as possible.7 Types of Computer Viruses to Watch Out For and What They Do 7 Types of Computer Viruses to Watch Out For and What They DoMany types of computer viruses can steal or destroy your data. Here are some of the most common viruses and what they do.READ MORE

On top of that, it has a fantastic reputation and an easy-to-use interface that makes it painless to browse for programs and drivers of all types—whether on Windows, Mac, Linux, Android, iOS, or Windows Mobile.
3. MajorGeeks




WOT Trustworthiness: 93%
URLVoid Rating: 36/36

Even though the site looks like it’s straight out of the 90s, MajorGeeks has been one of the most reputable software download sites for over 15 years. When a site has a couple thousand users online at any given time, you know it’s providing a great service.

Its list of Top Freeware Picks is a great place to start, but don’t be afraid to browse the left sidebar and look through all kinds of highly-rated programs that you might find handy.
4. FileHippo




WOT Trustworthiness: 93%
URLVoid Rating: 36/36

FileHippo is a well-known site with over 20,000 active programs broken down into 16 helpful categories across Windows, Mac, and Web. But whatever you do, if the site offers you a download manager or anything like that, skip it and go for the direct download instead.

One thing to note is that FileHippo offers an Update Checker program, which scans your system and compares all current programs to see if any of them need to be updated. It’s the easiest way to make sure all of your software is consistently up-to-date.
5. DonationCoder



WOT Trustworthiness: 92%
URLVoid Rating: 36/36

We recently highlighted Donation Coder when we included Automatic Screenshotter in our coverage of free screen recorders for Windows. As you might glean from its name, Donation Coder prides itself on providing free and clean software in exchange for nothing but donations.3 Free Screen Recorders to Capture Your Windows Desktop 3 Free Screen Recorders to Capture Your Windows DesktopYou can use a screen recorder to create tutorials, document bugs for troubleshooting, or track unsolicited activity on your desktop in your absence. Choose from one of our recommended tools.READ MORE

The downside to this site is that you’ll only find utilities created by Donation Coder, so the repository is small and niche. Then again, a lot of the programs are quite useful and interesting, so maybe you’ll find something that catches your eye.
6. Download Crew



WOT Trustworthiness: 91%
URLVoid Rating: 36/36

Despite its cluttered and headache-inducing website, Download Crew is worth using because each listed program has a short but informative review that explains what it does, why it’s good, and what flaws it has.

Want to find some cool new programs? Start with the “Most Popular Downloads” section and the “Editor’s Choice” section (which you can access at the bottom of the home page). Programs are available for Windows, Mac, Linux, Android, and iOS.
7. FileHorse



WOT Trustworthiness: 91%
URLVoid Rating: 36/36

FileHorse doesn’t have a massive repository of software. Instead, this site focuses on only stocking the best and most useful programs and making sure all of them are clean and free of malware and viruses. It’s great for finding popular alternatives to popular programs.
8. FilePuma



WOT Trustworthiness: 90%
URLVoid Rating: 36/36

FilePuma and the aforementioned FileHippo share a lot of similarities—and I’m not just talking about their names. Where FilePuma excels is in its categorization, which is much easier to browse than FileHippo.

FilePuma also has its own Update Detector program to keep your software up to date. Very handy if FileHippo’s tool doesn’t work well for you or if you don’t like it for some other reason.
9. SnapFiles



WOT Trustworthiness: 90%
URLVoid Rating: 36/36

There’s little to differentiate SnapFiles from other free software download sites, but if there’s one thing I like about this one, it’s the “Daily Freeware Pick” that’s highlighted on the home page. If you check in every day, you can occasionally find some really useful tools and utilities.
Where Do You Download Free Software?

Don’t just rely on this list! At the end of the day, staying safe on the Web involves practicing good security habits, such as checking the integrity of files you download with suitable hash checkers. In particular, you should heed these common-sense tips for avoiding malware.

And if you ever slip up and find that your computer has been compromised, follow our guide to cleaning up malware and viruses from your system.10 Steps To Take When You Discover Malware On Your Computer 10 Steps To Take When You Discover Malware On Your ComputerWe would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked...READ MORE

If you also own a Mac, be sure to see our best sites to download secure Mac apps.

7 Top Common Website Vulnerabilities You Should Know - HackersOnlineClub

7 Top Common Website Vulnerabilities You Should Know - HackersOnlineClub: Top Common Website Security Vulnerabilities and their Bug Bounty Reward. Any bug in a website that can be exploited by a researcher or a...

Χρήστες WhatsApp: Το νέο hack που πρέπει να προσέχουν!

Χρήστες WhatsApp: Το νέο hack που πρέπει να προσέχουν!

27 Ιανουαρίου, 2020, 3:45 μμ by Nat BotPak Leave a Comment


Η πρόσφατη επίθεση που δέχτηκε ο δισεκατομμυριούχος ιδιοκτήτης της Amazon, Jeff Bezos, από χάκερς, μέσω ενός κακόβουλου αρχείου που του εστάλη από τον λογαριασμό του πρίγκιπα της Σαουδικής Αραβίας, Mohammed bin Salman, στην εφαρμογή του WhatsApp, έχει προβληματίσει την πλατφόρμα μηνυμάτων του Facebook, γεγονός που την έκανε να ασχοληθεί περισσότερο με τα ζητήματα ασφαλείας. Τώρα μία νέα επίθεση κάνει την εμφάνισή της στην εφαρμογή του WhatsApp. H συγκεκριμένη επίθεση όμως δεν έχει να κάνει με την ακεραιότητα της πλατφόρμας. Οι χρήστες του WhatsApp πρέπει να είναι ιδιαίτερα προσεκτικοί καθώς το νέο hack είναι πολύ εύκολο να εκτελεστεί και εξίσου εύκολο να αποφευχθεί.

Ενδεικτικά, ένα άτομο που δέχτηκε επίθεση από αυτό το hack προειδοποίησε σε μια ομαδική συνομιλία τους υπόλοιπους να μην ανοίξουν ένα μήνυμα σταλμένο από τον λογαριασμό του καθώς είχε χακαριστεί και ζήταγε από άλλους χρήστες να δώσουν έναν εξαψήφιο κωδικό που θα λάμβαναν. Οι χάκερς, φαίνεται ότι είχαν αποκτήσει πρόσβαση στο λογαριασμό του στο WhatsApp και συγκέντρωσαν τους αριθμούς τηλεφώνου των μελών της ομάδας. Στη συνέχεια, ήταν σε θέση να στείλουν στο WhatsApps στα άλλα μέλη της ομάδας, λέγοντάς τους ότι επρόκειτο να λάβουν ένα μήνυμα SMS , με έναν κωδικό, τον οποίον θα έπρεπε να στείλουν πίσω στο άτομο που χακαρίστηκε. Συγκεκριμένα, το hack, δηλαδή το μήνυμα SMS, ήταν ένας κωδικός επαλήθευσης WhatsApp για το λογαριασμό του ατόμου που έλαβε το κείμενο. Έτσι, οι χάκερς θα μπορούσαν να παραβιάσουν άλλον έναν λογαριασμό και να προωθήσουν την απάτη τους. Αυτό είναι πολύ απλούστερο από τη μεταφορά της κάρτας SIM σε μια νέα συσκευή. Το αποτέλεσμα, όμως, είναι το ίδιο.

Για την αποφυγή αυτού του hack οι χρήστες πρέπει απλά να ενεργοποιήσουν μια βασική ρύθμιση ασφαλείας στο WhatsApp, κάτι που δεν διαρκεί πάνω από ένα λεπτό, και στη συνέχεια να κάνουν την επιδιόρθωση. Επιπλέον, οι χρήστες πρέπει να έχουν υπόψιν ότι υπάρχουν πολλές μορφές κινδύνου που ενδέχεται να αντιμετωπίσουν σε εφαρμογές ανταλλαγής μηνυμάτων όπως το WhatsApp. Για παράδειγμα, οι χάκερς χρησιμοποιούν συχνά το λογισμικό υποκλοπής spyware. Πολλοί από αυτούς τους κινδύνους διορθώθηκαν από τις ενημερωμένες εκδόσεις λογισμικού WhatsApp που κάλυψαν κενά ασφαλείας με σκοπό οι χρήστες να παραμείνουν ασφαλείς.

Αξίζει να σημειωθεί ότι ο άμεσος κίνδυνος δεν είναι τόσο για τους ίδιους τους χρήστες που θα δεχτούν την επίθεση όσο για τις επαφές τους. Ο κίνδυνος μπορεί να κρύβεται σε μια κρυπτογραφημένη πλατφόρμα ή ακόμα και σε ένα μήνυμα από ένα οικείο πρόσωπο του χρήστη. Εάν ένας χρήστης έχει δεχθεί αυτή την επίθεση, μπορεί να επαναφέρει τη συσκευή του με ένα νέο SMS και να ανακτήσει όλα τα δεδομένα. Χαρακτηριστικό είναι ότι οι χρήστες που δέχονται την επίθεση αργούν να αντιληφθούν τι ακριβώς συμβαίνει με αποτέλεσμα να δέχονται ακόμα περισσότερους κωδικούς SMS που θα τους εμποδίσουν να αποκαταστήσουν άμεσα το πρόβλημα. Δεν υφίστανται παραβιάσεις δεδομένων.

Μπορείτε να αποφύγετε αυτή την επίθεση με την ενεργοποίηση της χρήσης ενός κωδικού PIN ασφαλείας της επιλογής σας, ακόμα και μια διεύθυνση ηλεκτρονικού ταχυδρομείου που θα χρησιμοποιήσετε εάν ξεχάσετε αυτόν τον κωδικό PIN. Αυτό είναι ξεχωριστό από τον εξαψήφιο κωδικό που θα στείλει το WhatsApp μέσω SMS για να επαληθεύσει μια νέα εγκατάσταση. Είναι πιθανό αυτός ο κώδικας επαλήθευσης να θεωρηθεί ως έλεγχος ταυτότητας δύο παραγόντων.

Τέλος, η διαδικασία “Επαλήθευσης σε δύο βήματα” του WhatsApp μπορεί να βρεθεί στο πλαίσιο “Ρυθμίσεις” που υπάρχει στην εφαρμογή. Πηγη: SecNews.gr