Another day, another way found to hack into people’s private data. Security firm FireEye has discovered a piece of malware, dubbed Hammertoss, that uses Twitter and GitHub to attack users’ computers through online photos. The malware generates bogus Twitter accounts that then tweet a URL and a hashtag giving the size and location of an image. Code hidden inside the photo gives the target computer instructions that allow the hacker to steal data from it. The hackers are also suspected of using a technique called “steganography”.
What is steganography?
A technique involving making tiny changes to the values used to define the colour of a pixel.
In a 24-bit image, each pixel has its colour defined by three numbers – one for each of red, green and blue.
A tiny change to each pixel will alter its colour, but not so much that humans could spot it. However, with the right software, or a reference image, the changes would stand out.
The changes can be built up into numeric (ASCII) codes that define letters, and slowly build up a message.
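The pixel-level changes described above, shown as an added example (it is not FireEye's code and not the actual Hammertoss encoding): a constructed 8x8 image has text hidden in the lowest bit of each colour value, then a comparison against the reference image exposes the changes and the bits are regrouped into ASCII codes. The function names, the sample image and the NUL end-of-message marker are assumptions made for the illustration.

```python
def make_reference(width=8, height=8):
    """Constructed 24-bit reference image: a flat list of (R, G, B) pixels."""
    return [((x * 30) % 256, (y * 30) % 256, ((x + y) * 15) % 256)
            for y in range(height) for x in range(width)]

def embed_lsb(pixels, message):
    """Build the constructed suspect image used as test input.
    Assumption: one message bit per colour value, NUL byte marks the end."""
    data = message.encode("ascii") + b"\x00"
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    flat = [c for px in pixels for c in px]
    if len(bits) > len(flat):
        raise ValueError("message too long for this image")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & ~1) | bit      # change the value by at most 1
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def diff_against_reference(reference, suspect):
    """List (pixel_index, channel, delta) for every colour value that differs."""
    changes = []
    for idx, (ref_px, sus_px) in enumerate(zip(reference, suspect)):
        for channel, r, s in zip("RGB", ref_px, sus_px):
            if r != s:
                changes.append((idx, channel, s - r))
    return changes

def extract_lsb_text(pixels):
    """Collect the lowest bit of each colour value, 8 bits per ASCII code."""
    flat = [c for px in pixels for c in px]
    out = bytearray()
    for i in range(0, len(flat) - 7, 8):
        byte = 0
        for value in flat[i:i + 8]:
            byte = (byte << 1) | (value & 1)
        if byte == 0:                        # assumed end-of-message marker
            break
        out.append(byte)
    return out.decode("ascii", errors="replace")

if __name__ == "__main__":
    reference = make_reference()
    suspect = embed_lsb(reference, "hello")
    changes = diff_against_reference(reference, suspect)
    print(len(changes), "values differ, largest change:",
          max(abs(d) for _, _, d in changes))
    print("recovered text:", extract_lsb_text(suspect))
```

Every differing value is off by exactly 1 out of 255, which is why the change is invisible to the eye yet obvious to a value-by-value comparison with the reference image.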
This malware is complex, with several different parts, which makes it hard for anti-virus and anti-malware programs to detect. FireEye suspects the hackers are based in Russia because of the targets they’ve hit, the data compromised and the hours at which the data was taken. FireEye’s Jen Weedon had this statement to make.
“Hammertoss really challenges network defenders’ ability to identify and differentiate the malware’s command and control communications from legitimate traffic,” she told the BBC.
“In addition, there’s no attacker infrastructure to block so to find this malware you’d need a combination of people, technology and the right intelligence to hunt for, uncover, and neutralise such a sophisticated tool.”
What makes this complex is that the malware arrives in two parts. Alone, they will not trigger any virus or malware alerts, and by the time they arrive and compile together it’s too late. For now, it’s probably a good idea not to click on any Twitter accounts you’re not sure of that contain a URL and image location.
Source: BBC