Top
image credit: Pixabay

Rare Steganography Hack Can Compromise Fully Patched Websites

July 29, 2019

An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted websites.

Hiding malware in an image file is a well-known way to circumvent detection –many filters and gateways let image file formats pass without too much scrutiny.

Read More on Threat Post