HOME

TheInfoList



Click Here for Items Related To - stegomalware
OR:
stegomalware on:   [Wikipedia]   [Google]   [Amazon]

Stegomalware is a type of
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
that uses
steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, ...
to hinder detection. Steganography is the practice of concealing a file, message, image, or video within another file, message, image, video or network traffic. This type of malware operates by building a steganographic system to hide malicious data within its resources and then extracts and executes them dynamically. It is considered one of the most sophisticated and stealthy ways of
obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent u ...
. The term of `stegomalware' was introduced by researchers in the context of mobile malware and presented at Inscrypt conference in 2014. However, the fact that (mobile) malware could potentially utilize steganography was already presented in earlier works: the use of
steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, ...
in malware was first applied to botnets communicating over probabilistically unobservable channels, mobile malware based on
covert channel In computer security, a covert channel is a type of attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 197 ...
s was proposed in the same year. Steganography was later applied to other components of malware engineering such as
return-oriented programming Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing. In this technique, an attacker gains cont ...
and compile-time
obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent u ...
, among others. The Europol-supporte
''CUING'' initiative
monitors the use of steganography in malware.


References

{{reflist Computer security