Steganography is the art of concealing a secret message within (or even on top of) a non-secret object. That object can be almost anything. Many forms of steganography today involve hiding a secret piece of text within a photograph. Alternatively, you may hide a secret message or script inside a Word or Excel document.

Steganography’s goal is to hide and deceive. It is a type of covert communication in which communications are hidden using any media. It isn’t cryptography because it doesn’t encrypt data or require the usage of a key. Instead, it’s a type of data concealment that may be done in a variety of ways. Steganography is a practice that provides secrecy and deception, whereas cryptography is a science that mostly enables privacy.


Malicious actors can use steganography to remain undetected. “We frequently see it being utilized as a first entry point, and once the threat actors are on the network, they will use more tools and code to migrate laterally,” says Jon Clay, Trend Micro’s vice president of threat intelligence.

Secret data is frequently buried inside a picture by ingeniously modifying a few bits. Users can’t identify the difference between the original and the edited photo if they compare them.


PowerShell and BASH scripts are now being used by cybercriminals to automate attacks. Pen testers work the same way. For example, actual scripts have been embedded in macro-enabled Excel and Word documents. When a victim opens an Excel or Word document, the hidden script is activated.

The attacker does not need to use deception to persuade the victim to use Steghide. The hacker – or pentester – is “living off the land” in this situation: the attacker employs a steganographic application in order to make use of standard Windows apps and capabilities like Excel and PowerShell. All the victim has to do is read the document, and a chain of bad events begins.

First, the victim clicks on an Excel document that an attacker has modified using steganography.

That click unleashes a hidden PowerShell script.

This script then installs an installer app on the Windows computer. This installer app moves quickly and is so subtle that typical antivirus applications don’t notice it.

Acting as a downloader, the installer then goes out onto the internet and grabs updated versions of malware such as URLZone (or more recent tools) that then compromise the victim’s computer.

Over the years, attackers have used the procedure above to deliver ransomware such as Snatch. Hackers have also installed sophisticated malware that is capable of keylogging, enlisting computers into DDoS botnets, or installing trojans, such as the latest variants of Rovnix and Pillowmint.

What can companies do to defend themselves against steganography?

It’s quite simple to use steganography during an attack. Protecting against it is becoming more difficult as threat actors get more imaginative and creative. Because code disguised in pictures and other types of obfuscation are more likely to be discovered dynamically by a behavioral engine, companies should adopt new endpoint security technologies that go beyond static checks, basic signatures, and other outmoded components.

He has two further suggestions for businesses and their employees. First, if a picture is unusually large, this might indicate that steganography was employed. Second, firms should concentrate their detection efforts at endpoints, where encryption and obfuscation are more easily detected.
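One way to act on the file-size hint above, as an added example that is not from the original article: a PNG check that flags bytes after the final IEND chunk and files far larger than their pixel dimensions explain. The function names, the constructed sample image and the 4 bytes-per-pixel threshold (raw 8-bit RGBA) are assumptions chosen for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))

def make_png(width, height):
    """Constructed sample: a minimal 8-bit grayscale PNG, all pixels black."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * width for _ in range(height))
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))

def inspect_png(blob, max_bytes_per_pixel=4.0):
    """Return size findings for one PNG held in memory."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, width, height, seen_iend = len(PNG_SIG), 0, 0, False
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        if ctype == b"IHDR" and pos + 16 <= len(blob):
            width, height = struct.unpack(">II", blob[pos + 8:pos + 16])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend or pos > len(blob) or width == 0 or height == 0:
        raise ValueError("truncated or malformed PNG")
    trailing = len(blob) - pos  # anything after IEND is not image data
    bpp = len(blob) / (width * height)
    return {
        "trailing_bytes": trailing,
        "bytes_per_pixel": round(bpp, 2),
        # threshold is an assumption: raw 8-bit RGBA needs 4 bytes per pixel
        "suspicious": trailing > 0 or bpp > max_bytes_per_pixel,
    }

if __name__ == "__main__":
    clean = make_png(64, 64)
    padded = clean + b"X" * 20000  # constructed stand-in for appended content
    print("clean :", inspect_png(clean))
    print("padded:", inspect_png(padded))
```

A size check like this only catches content that inflates the file; data hidden by modifying a few bits of existing pixels leaves the size unchanged, which is why the article points to behavioral detection at the endpoint.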

More should be done to educate consumers and create awareness, according to Trend Micro’s Clay. “Employees should be taught that picture files can contain harmful malware,” he argues. “In addition, online filtering should be in place for safer browsing, and enterprises should keep up with the newest security fixes as soon as they become available.”

UK Cyber Security Ltd is here to help


If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us
