Stegomalware

Stegomalware is a type of malware that uses steganography to hinder detection. Steganography is the practice of concealing a file, message, image, or video within another file, message, image, video or network traffic. This type of malware operates by building a steganographic system to hide malicious data within its resources and then extracts and executes them dynamically. It is considered one of the most sophisticated and stealthy ways of obfuscation.

The term of "stegomalware" was introduced by researchers in the context of mobile malware and presented at Inscrypt conference in 2014.^[1] However, the fact that (mobile) malware could potentially utilize steganography was already presented in earlier works: the use of steganography in malware was first applied to botnets communicating over probabilistically unobservable channels,^[2] mobile malware based on covert channels was proposed in the same year.^[3] Steganography was later applied to other components of malware engineering such as return-oriented programming^[4] and compile-time obfuscation,^[5] among others.^[6]

The Europol-supported CUING initiative monitors the use of steganography in malware.^[7]

References

1. Suarez-Tangil, Guillermo; Tapiador, Juan E; Peris-Lopez, Pedro (2014). "Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps". In Dongdai Lin; Moti Yung; Jianying Zhou (eds.). Information Security and Cryptology. 10th International Conference, Inscrypt. Vol. 8957. Beijing, China: Springer International Publishing. pp. 496–515. doi:10.1007/978-3-319-16745-9_27. ISBN 978-3-319-16745-9.
2. Nagaraja, Shishir; Houmansadr, Amir; Piyawongwisal, Pratch; Singh, Vijit; Agarwal, Pragya; Nikita, Borisov (May 2011). "Stegobot: A Covert Social Network Botnet". Lecture Notes in Computer Science. 13th International Conference Information Hiding. Vol. 6958. Springer Berlin Heidelberg. pp. 299–313. doi:10.1007/978-3-642-24178-9_21.
3. Wendzel, Steffen; Keller, Jörg (2011), "Low-Attention Forwarding for Mobile Network Covert Channels", Communications and Multimedia Security, Springer Berlin Heidelberg, pp. 122–133, doi:10.1007/978-3-642-24712-5_10, ISBN 9783642247118
4. Lu, Kangjie, Siyang Xiong, and Debin Gao (2014). Ropsteg: Program steganography with return oriented programming. 4th ACM conference on Data and application security and privacy.
5. Schrittwieser, Sebastian; et al. (2014). "Covert Computation—Hiding code in code through compile-time obfuscation". Computers & Security. 42: 13–26. doi:10.1016/j.cose.2013.12.006.
6. Andriesse, Dennis & Herbert Bos (2014). "Instruction-Level Steganography for Covert Trigger-Based Malware". Detection of Intrusions and Malware, and Vulnerability Assessment.
7. Mazurczyk, Wojciech; Wendzel, Steffen (2017-12-27). "Information hiding: Challenges for forensic experts". Communications of the ACM. 61 (1): 86–94. doi:10.1145/3158416. ISSN 0001-0782. S2CID 21118544.