Traditional antivirus tools are not enough to detect steganography, which needs forensic tools, behavioural analytics and steganalysis platforms in order to spot file structure anomalies.

Scammers are always looking for ingenious ways to carry out their misdeeds, and one such incident happened with a certain Pradeep Jain, who lost more than Rs 2 lakh soon after downloading an image sent to him over WhatsApp, as per a report by Indian Express.
One fine morning the 28-year-old received a call from an unknown number, which also sent him said image a few moments later.
The image was of an elderly man with “Do you know this person?” written on it.
Jain ignored the calls at first, but after the scammers kept incessantly dialling him, he finally gave in and downloaded the picture. Within minutes, his bank account was left short of Rs 2.01 lakh.
The money was debited from a Hyderabad ATM. When Canara Bank, where Jain had his account, tried to verify the transaction via a phone call, the scammers mimicked his voice and got away with it.
The technique used in this case is called Least Significant Bit (LSB) steganography. It hides data in media files such as audio or images by modifying the least significant bits of each data unit, the bits that contribute least to what is seen or heard.
“The word ‘steganography’ has Greek origins. It means ‘hidden writing’. In cybercrime, this technique is exploited to embed malware or secret instructions inside harmless-looking media files. These hidden payloads often evade traditional detection systems and are triggered only by specific scripts,” an expert told the publication.
“This isn’t a new concept. In 2017, hackers embedded harmful executable code inside GIF files shared on WhatsApp. When downloaded, the hidden code ran in the background, bypassing security settings and accessing the user’s data. Though the vulnerability was patched, this technique made a comeback in 2019 with more refined methods and broader targets,” another said.
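To make the LSB idea and the kind of statistical anomaly a steganalysis tool looks for concrete, here is an added Python example (not from the report or the experts quoted). It runs a simplified pairs-of-values (chi-square) check over 8-bit samples; the sample data, function names and threshold are constructed assumptions.

```python
import random
from collections import Counter

def embed_lsb(samples, bits):
    """Overwrite the lowest bit of each 8-bit sample with one payload bit."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # each value changes by at most 1
    return out

def pair_score(samples):
    """Mean chi-square term over the value pairs (2k, 2k+1).

    Overwriting LSBs with random-looking bits evens out the two counts
    inside each pair, so the score drops to roughly 0.5. An untouched,
    skewed histogram scores much higher.
    """
    hist = Counter(samples)
    terms = []
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected > 0:
            terms.append((hist[even] - expected) ** 2 / expected)
    return sum(terms) / len(terms)

def looks_lsb_embedded(samples, threshold=2.0):
    # Assumption: threshold chosen for this constructed data, not a standard.
    return pair_score(samples) < threshold

def demo():
    """Build constructed data: a skewed 'dark image' histogram and its stego copy."""
    rng = random.Random(2024)
    cover = [min(255, int(rng.expovariate(0.25))) for _ in range(50_000)]
    payload = [rng.getrandbits(1) for _ in cover]  # stands in for encrypted data
    return cover, payload, embed_lsb(cover, payload)

if __name__ == "__main__":
    cover, payload, stego = demo()
    print("largest per-sample change:", max(abs(a - b) for a, b in zip(cover, stego)))
    print("cover score:", round(pair_score(cover), 2), looks_lsb_embedded(cover))
    print("stego score:", round(pair_score(stego), 2), looks_lsb_embedded(stego))
```

The per-sample change never exceeds 1, which is why the altered image looks identical to the eye, while the histogram statistic still separates the two sets of samples.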