Raise your hand if you watched the web series ‘The Freelancer’, the show in which a new bride is abducted into Syria and rescued back to India. In one scene, the ‘Freelancer’ sends the victim a harmless-looking image to open, and opening it infects the antagonist’s phone. That was an example of steganography.
Steganography is the technique of hiding data inside ordinary-looking files (images, videos, documents); attackers use it to smuggle malicious data past detection. Once the hidden payload is triggered, it can run malware, steal data, or even take control of the device.
This is no longer just the realm of spy fiction. In India, scammers have taken some major inspo from this espionage trick and are deploying malicious payloads onto phones through seemingly harmless channels like WhatsApp.
WhatsApp apparently compresses and re-processes media files before delivering them. This processing usually destroys most steganographic payloads and embedded executables. Other formats like APK and PDF are not compressed if they are sent via ‘Document sharing’ rather than image sharing. So if you receive a wedding invitation, remember to check the file extensions in your downloads. If the file is anything like WeddingInvite.jpg.exe, it is the sort of wedding you can easily skip. Trust me.
In what was generally dubbed the Wedding Invite scam, scammers used the wedding season in India to send images that appeared to be wedding invites. These fake invites masked malicious APK files which, once downloaded, installed malware on the unsuspecting user’s phone. This handed over access to personal data, control over messages, and essentially the keys to the kingdom for financial fraud.
But the MO has lately moved away from wedding invites. In another recent case, the victim was sent an image of an elderly person along with a message asking if he knew the person. On WhatsApp, of course. Shortly after, a call came from an unknown number asking him to click on the image. The victim disconnected. The pesky caller kept calling. Finally, the victim clicked on it. This triggered the payload: the attackers took over the phone, and within a short time the victim lost around 2 lakh. Please note that, unlike this scenario, stego attacks can also be zero-click attacks under certain conditions.
What are some of the things you can do to remain safe?
- Don’t open files from unknown contacts, even if it looks like an image.
- Check file extensions on downloads.
- Disable auto-downloads on WhatsApp.
- Use an antivirus to scan a file if you suspect stego content (cute_kittens.gif.exe).
- On Android, restrict permissions (storage access) for messaging apps.
- Update apps regularly to patch vulnerabilities.
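The two checks this post keeps coming back to, look at the real extension and don't trust a file just because it looks like an image, can be automated. The following Python script is an added example and is not code from the original post: it flags double extensions such as WeddingInvite.jpg.exe and compares a file's first bytes (its "magic" signature) against the format its extension claims, so a renamed APK shows up even when the name ends in .jpg. The sample filenames and headers at the bottom are constructed for the demonstration.

```python
import os

# File signatures ("magic bytes") for the formats that turn up in these scams.
# APKs are ZIP archives, so they carry the ZIP signature, not an image one.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
    "pe": (b"MZ",),  # Windows executable (.exe / .scr)
}

# What each filename extension claims the content to be.
EXT_FAMILY = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
    ".pdf": "pdf", ".apk": "zip", ".zip": "zip", ".exe": "pe", ".scr": "pe",
}

VIEWABLE = {"jpeg", "png", "gif", "pdf"}

# Extensions that install or run code rather than display a picture or document.
EXECUTABLE_EXTS = {".exe", ".scr", ".apk", ".bat", ".msi", ".js", ".vbs", ".sh"}


def extensions_of(filename):
    """All extensions of a filename, lowercased: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    parts = os.path.basename(filename).split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def content_family(header):
    """Identify the real format from the first bytes, or None if unrecognised."""
    for family, sigs in SIGNATURES.items():
        if any(header.startswith(s) for s in sigs):
            return family
    return None


def assess_download(filename, header):
    """Return a list of warnings for a download; an empty list means nothing suspicious."""
    warnings = []
    exts = extensions_of(filename)
    if not exts:
        return ["no file extension: cannot tell what this file is"]
    final = exts[-1]

    # Check 1: the trick the post describes, a picture extension hiding an executable one.
    if final in EXECUTABLE_EXTS:
        if len(exts) > 1 and EXT_FAMILY.get(exts[-2]) in VIEWABLE:
            warnings.append(
                f"double extension: '{exts[-2]}' is decoration, the file is really '{final}'")
        else:
            warnings.append(f"'{final}' files install or run code; this is not an image")

    # Check 2: the bytes on disk do not match what the name claims (e.g. APK renamed to .jpg).
    claimed = EXT_FAMILY.get(final)
    actual = content_family(header)
    if claimed is not None and actual != claimed:
        warnings.append(
            f"content mismatch: name claims {claimed} but header says {actual or 'unknown'}")
    return warnings


def assess_file(path, nbytes=16):
    """Convenience wrapper: read the first bytes of a real file and assess it."""
    with open(path, "rb") as fh:
        return assess_download(path, fh.read(nbytes))


# Constructed sample downloads (name, first bytes); these are not real malware samples.
SAMPLES = [
    ("WeddingInvite.jpg.exe", b"MZ\x90\x00\x03\x00"),   # Windows PE hiding behind .jpg
    ("WeddingInvite.jpg", b"PK\x03\x04\x14\x00"),       # APK/ZIP renamed to .jpg
    ("cute_kittens.gif", b"GIF89a\x01\x00\x01\x00"),    # genuine GIF
    ("ShaadiCard.apk", b"PK\x03\x04\x14\x00"),          # honest APK, still installs code
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", assess_download(name, head) or "ok")
```

Two of the constructed samples are caught by a different check each: the `.jpg.exe` name is a double extension, while `WeddingInvite.jpg` has an honest-looking name and is only caught because its first bytes are a ZIP signature. That second case is why the post's advice to check extensions needs a companion check on the actual content: a file manager that hides or trusts extensions will happily label a renamed APK as a picture.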