Abstract
Steganography, a data hiding technique, has become a lucrative means of hiding malware within digital media and other files to avoid detection. Malware hidden by means of steganography is known as stegomalware. Detecting stegomalware has been difficult, and removing such malware from the file is a big challenge. A tool has been created (Verma V, Muttoo SK, Singh VB. Detecting stegomalware: malicious image steganography and its intrusion in windows. In: International conference on security, privacy and data analytics. Springer, Singapore (2022). 10.1007/978-981-16-9089-1_9) to detect such malware hidden within the widely used JPEG file format. This paper introduces new and significant functionality to our tool (Verma V, Muttoo SK, Singh VB. Detecting stegomalware: malicious image steganography and its intrusion in windows. In: International conference on security, privacy and data analytics. Springer, Singapore (2022). 10.1007/978-981-16-9089-1_9) to remove such malware from the file after detection, unlike the existing techniques, which are limited to detection. The tool proposed in this paper has rendered the malicious image files benign with a success rate of 99.92%.
References
Cabaj K, Caviglione L, Mazurczyk W, Wendzel S, Woodward A, Zander S (2018) The new threats of information hiding: the road ahead. IT Prof 20:31–39. https://doi.org/10.1109/MITP.2018.032501746
Mazurczyk W, Wendzel S (2017) Information hiding: challenges for forensic experts. Commun ACM 61:86–94. https://doi.org/10.1145/3158416
Puchalski D, Caviglione L, Kozik R, Marzecki A, Krawczyk S, Choraś M (2020) Stegomalware detection through structural analysis of media files. In: ARES ’20: Proceedings of the 15th international conference on availability, reliability and security. ACM, pp 1–6. https://doi.org/10.1145/3407023.3409187
Aljamea MM, Iliopoulos CS, Samiruzzaman M Detection of URL in image steganography. In: ICC ’16: Proceedings of the international conference on internet of things and cloud computing. ACM, pp 1–6. https://doi.org/10.1145/2896387.2896408
Amsalem Y, Puzanov A, Bedinerman A, Kutcher M, Hadar O (2015) DCT-based cyber defense techniques. In: Proc. SPIE 9599, applications of digital image processing XXXVIII. SPIE. https://doi.org/10.1117/12.2187498
Carrega A, Caviglione L, Repetto M, Zuppelli M (2020) Programmable data gathering for detecting stegomalware. In: 2020 6th IEEE conference on network softwarization (NetSoft). IEEE, pp 422–429. https://doi.org/10.1109/NetSoft48620.2020.9165537
Pevny T, Kopp M, Křoustek J, Ker AD (2016) Malicons: detecting payload in favicons. In: Electronic imaging symposium, media watermarking, security, and forensics. pp 1–9. https://doi.org/10.2352/ISSN.2470-1173.2016.8.MWSF-079
Suarez-Tangil G, Tapiador JE, Peris-Lopez P (2014) Stegomalware: playing hide and seek with malicious components in smartphone apps. In: International conference on information security and cryptology, LNCS. Springer, Cham, pp 496–515. https://doi.org/10.1007/978-3-319-16745-9_27
Badhani S, Muttoo SK (2018) Evading android anti-malware by hiding malicious application inside images. Int J Syst Assur Eng Manag 9:482–493. https://doi.org/10.1007/s13198-017-0692-7
Cao C, Zhang Y, Liu Q, Wang K (2015) Function escalation attack. In: International conference on security and privacy in communication networks, LNICST. Springer, Cham, pp 481–497. https://doi.org/10.1007/978-3-319-23829-6_33
Suarez-Tangil G, Tapiador JE, Lombardi F, Pietro RD (2016) Alterdroid: differential fault analysis of obfuscated smartphone malware. IEEE Trans Mob Comput 15:789–802. https://doi.org/10.1109/TMC.2015.2444847
Verma V, Muttoo SK, Singh VB (2022) Detecting stegomalware: malicious image steganography and its intrusion in windows. In: International conference on security, privacy and data analytics. Springer, Singapore. https://doi.org/10.1007/978-981-16-9089-1_9
Cohen A, Nissim N, Elovici Y (2020) MalJPEG: machine learning based solution for the detection of malicious JPEG images. IEEE Access 8:19997–20011
Pérez JDJS, Rosales MS, Cruz-Cortés N (2016) Universal steganography detector based on an artificial immune system for JPEG images. In: 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, pp 1896–1903. https://doi.org/10.1109/TrustCom.2016.0290
Natarajan V, Sheen S, Anitha R (2012) Detection of StegoBot: a covert social network botnet. In: SecurIT ’12: Proceedings of the first international conference on security of Internet of Things. ACM, pp 36–41. https://doi.org/10.1145/2490428.2490433
Kunwar RS, Sharma P (2017) Framework to detect malicious codes embedded with JPEG images over social networking sites. In: 2017 International conference on innovations in information, embedded and communication systems (ICIIECS). IEEE, pp 1–4. https://doi.org/10.1109/ICIIECS.2017.8276144
Virus scanning website. https://www.virustotal.com
Fridrich J (2004) Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes. In: International workshop on information hiding, LNCS. Springer, Berlin, Heidelberg, pp 67–81. https://doi.org/10.1007/978-3-540-30114-1_6
Lin C-Y, Chang S-F (2001) A robust image authentication method distinguishing JPEG compression from malicious manipulation. IEEE Trans Circuits Syst Video Technol 11:153–168. https://doi.org/10.1109/76.905982
Cid DB (2013) Malware hidden inside JPG EXIF headers. Sucuri Blog, Website Security News. https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html
Shah S (2015) Stegosploit–exploit delivery with steganography and polyglots. In: Briefings, Black Hat Conference. https://www.blackhat.com/eu-15/briefings.html
Khandelwal S (2016) Beware! Malicious JPG images on facebook messenger spreading locky ransomware. In: The Hacker News, Cybersecurity News and Analysis. https://thehackernews.com/2016/11/facebook-locky-ransomware.html
Abrams L (2017) SyncCrypt ransomware hides inside JPG files, appends .KK Extension. Bleeping computer, technology news website. https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension
Zahravi A (2018) Malicious memes that communicate with Malware. Trend Micro, IT Security Company. https://www.trendmicro.com/en_us/research/18/l/cybercriminals-use-malicious-memes-that-communicate-with-malware.html
Osborne C (2019) LokiBot malware now hides its source code in image files. ZDNet, Technology News Website. https://www.zdnet.com/article/lokibot-information-stealer-now-hides-malware-in-image-files
Szappanos G, Brandt A (2019) MyKings botnet spreads headaches, cryptominers, and Forshare malware. Sophos, Cybersecurity Company. https://news.sophos.com/en-us/2019/12/18/mykings-botnet-spreads-headaches-cryptominers-and-forshare-malware
Malware repository. https://www.virusshare.com
Malware analysis service. https://www.hybrid-analysis.com
Acknowledgements
The authors have contributed to the research without any conflict of interest. The authors are grateful to VirusShare.com [27] and Hybrid-Analysis.com [28] for providing access to their malware repositories. This research has not received any grant from any funding agency in the commercial, public, or not-for-profit sectors.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Verma, V., Muttoo, S.K., Singh, V.B., Sharma, M. (2023). Removing Stegomalware from Digital Image Files. In: Mishra, A., Gupta, D., Chetty, G. (eds) Advances in IoT and Security with Computational Intelligence. ICAISA 2023. Lecture Notes in Networks and Systems, vol 755. Springer, Singapore. https://doi.org/10.1007/978-981-99-5085-0_2
DOI: https://doi.org/10.1007/978-981-99-5085-0_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-5084-3
Online ISBN: 978-981-99-5085-0
eBook Packages: Intelligent Technologies and Robotics (R0)