Removing Stegomalware from Digital Image Files

  • Conference paper
Advances in IoT and Security with Computational Intelligence (ICAISA 2023)

Abstract

Steganography, a data hiding technique, has become a lucrative means of hiding malware within digital media and other files to avoid detection. Malware hidden by means of steganography is known as stegomalware. Detecting stegomalware has been difficult, and removing such malware from the file is a big challenge. A tool has been created [12] to detect such malware hidden within the widely used JPEG file format. This paper introduces new and significant functionality to our tool [12] to remove such malware from the file after detection, unlike existing techniques, which are limited to detection. The tool proposed in this paper has rendered the malicious image files benign with a success rate of 99.92%.

References

  1. Cabaj K, Caviglione L, Mazurczyk W, Wendzel S, Woodward A, Zander S (2018) The new threats of information hiding: the road ahead. IT Prof 20:31–39. https://doi.org/10.1109/MITP.2018.032501746

  2. Mazurczyk W, Wendzel S (2017) Information hiding: challenges for forensic experts. Commun ACM 61:86–94. https://doi.org/10.1145/3158416

  3. Puchalski D, Caviglione L, Kozik R, Marzecki A, Krawczyk S, Choraś M (2020) Stegomalware detection through structural analysis of media files. In: ARES ’20: Proceedings of the 15th international conference on availability, reliability and security. ACM, pp 1–6. https://doi.org/10.1145/3407023.3409187

  4. Aljamea MM, Iliopoulos CS, Samiruzzaman M Detection of URL in image steganography. In: ICC ’16: Proceedings of the international conference on internet of things and cloud computing. ACM, pp 1–6. https://doi.org/10.1145/2896387.2896408

  5. Amsalem Y, Puzanov A, Bedinerman A, Kutcher M, Hadar O (2015) DCT-based cyber defense techniques. In: Proc. SPIE 9599, applications of digital image processing XXXVIII. SPIE. https://doi.org/10.1117/12.2187498

  6. Carrega A, Caviglione L, Repetto M, Zuppelli M (2020) Programmable data gathering for detecting stegomalware. In: 2020 6th IEEE conference on network softwarization (NetSoft). IEEE, pp 422–429. https://doi.org/10.1109/NetSoft48620.2020.9165537

  7. Pevny T, Kopp M, Křoustek J, Ker AD (2016) Malicons: detecting payload in favicons. In: Electronic imaging symposium, media watermarking, security, and forensics. pp 1–9. https://doi.org/10.2352/ISSN.2470-1173.2016.8.MWSF-079

  8. Suarez-Tangil G, Tapiador JE, Peris-Lopez P (2014) Stegomalware: playing hide and seek with malicious components in smartphone apps. In: International conference on information security and cryptology, LNCS. Springer, Cham, pp 496–515. https://doi.org/10.1007/978-3-319-16745-9_27

  9. Badhani S, Muttoo SK (2018) Evading android anti-malware by hiding malicious application inside images. Int J Syst Assur Eng Manag 9:482–493. https://doi.org/10.1007/s13198-017-0692-7

  10. Cao C, Zhang Y, Liu Q, Wang K (2015) Function escalation attack. In: International conference on security and privacy in communication networks, LNICST. Springer, Cham, pp 481–497. https://doi.org/10.1007/978-3-319-23829-6_33

  11. Suarez-Tangil G, Tapiador JE, Lombardi F, Pietro RD (2016) Alterdroid: differential fault analysis of obfuscated smartphone malware. IEEE Trans Mob Comput 15:789–802. https://doi.org/10.1109/TMC.2015.2444847

  12. Verma V, Muttoo SK, Singh VB (2022) Detecting stegomalware: malicious image steganography and its intrusion in windows. In: International conference on security, privacy and data analytics. Springer, Singapore. https://doi.org/10.1007/978-981-16-9089-1_9

  13. Cohen A, Nissim N, Elovici Y (2020) MalJPEG: machine learning based solution for the detection of malicious JPEG images. IEEE Access 8:19997–20011

  14. Pérez JDJS, Rosales MS, Cruz-Cortés N (2016) Universal steganography detector based on an artificial immune system for JPEG images. In: 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, pp 1896–1903. https://doi.org/10.1109/TrustCom.2016.0290

  15. Natarajan V, Sheen S, Anitha R (2012) Detection of StegoBot: a covert social network botnet. In: SecurIT ’12: Proceedings of the first international conference on security of Internet of Things. ACM, pp 36–41. https://doi.org/10.1145/2490428.2490433

  16. Kunwar RS, Sharma P (2017) Framework to detect malicious codes embedded with JPEG images over social networking sites. In: 2017 International conference on innovations in information, embedded and communication systems (ICIIECS). IEEE, pp 1–4. https://doi.org/10.1109/ICIIECS.2017.8276144

  17. Virus scanning website. https://www.virustotal.com

  18. Fridrich J (2004) Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes. In: International workshop on information hiding, LNCS. Springer, Berlin, Heidelberg, pp 67–81. https://doi.org/10.1007/978-3-540-30114-1_6

  19. Lin C-Y, Chang S-F (2001) A robust image authentication method distinguishing JPEG compression from malicious manipulation. IEEE Trans Circuits Syst Video Technol 11:153–168. https://doi.org/10.1109/76.905982

  20. Cid DB (2013) Malware hidden inside JPG EXIF headers. Sucuri Blog, Website Security News. https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html

  21. Shah S (2015) Stegosploit–exploit delivery with steganography and polyglots. In: Briefings, Black Hat Conference. https://www.blackhat.com/eu-15/briefings.html

  22. Khandelwal S (2016) Beware! Malicious JPG images on facebook messenger spreading locky ransomware. In: The Hacker News, Cybersecurity News and Analysis. https://thehackernews.com/2016/11/facebook-locky-ransomware.html

  23. Abrams L (2017) SyncCrypt ransomware hides inside JPG files, appends .KK Extension. Bleeping computer, technology news website. https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension

  24. Zahravi A (2018) Malicious memes that communicate with Malware. Trend Micro, IT Security Company. https://www.trendmicro.com/en_us/research/18/l/cybercriminals-use-malicious-memes-that-communicate-with-malware.html

  25. Osborne C (2019) LokiBot malware now hides its source code in image files. ZDNet, Technology News Website. https://www.zdnet.com/article/lokibot-information-stealer-now-hides-malware-in-image-files

  26. Szappanos G, Brandt A (2019) MyKings botnet spreads headaches, cryptominers, and For share malware. Sophos, Cybersecurity Company. https://news.sophos.com/en-us/2019/12/18/mykings-botnet-spreads-headaches-cryptominers-and-forshare-malware

  27. Malware repository. https://www.virusshare.com

  28. Malware analysis service. https://www.hybrid-analysis.com

Acknowledgements

The authors have contributed to the research without any conflict of interest. The authors are grateful to VirusShare.com [27] and Hybrid-Analysis.com [28] for providing access to their malware repositories. The research, to mention, has not received any grant from any funding agency in the commercial, public, or not-for-profit sectors.

Corresponding author

Correspondence to Vinita Verma.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Verma, V., Muttoo, S.K., Singh, V.B., Sharma, M. (2023). Removing Stegomalware from Digital Image Files. In: Mishra, A., Gupta, D., Chetty, G. (eds) Advances in IoT and Security with Computational Intelligence. ICAISA 2023. Lecture Notes in Networks and Systems, vol 755. Springer, Singapore. https://doi.org/10.1007/978-981-99-5085-0_2
