Discovery News - Malware often gets delivered via fake emails or links, but now there’s a new way to steal data through your Facebook photos.
Called Stegobot, the malware was developed by researchers at the University of Illinois Champaign-Urbana and the Indraprastha Institute of Information Technology in New Delhi.
ANALYSIS: What Are Botnets?
Stegobot steals data — passwords for example — and then insert the information into a photo. The technique is called steganography, and it’s not new to covert computer operations.
Programs based on this technique work by secretly replacing bits of unused data in computer memory with digital bits of information desired by the theif. About 50 kilobytes of information can be hidden in a photo this way without altering its appearance or alerting the owner of the computer to any suspicious activity. More can be inserted if you don’t mind a stray pixel here and there.
Watch Video
The malware first gets on your computer the way any other malware does: one clicks on a fake link or opens up an email. The clever part of Stegobot is the use of social networks to send the data to the botmaster. When one of your friends looks at your profile, Stegobot takes whatever information it stole and adds it to a photo. Since Facebook downloads files in the background — no clicking on them required — the user won’t see it happening. The stolen data can then be retransmitted via the social network until it eventually reaches the botmaster. More
