Any writeup about how this works?
The technique is called steganography, and the product is called stegomalware. The payload is concealed as part of some legitimate file, like the pixel data of an image file. It requires the reader software on the targeted system to already be infected, or to have a vulnerability that the payload can exploit.
Low Level video: https://www.youtube.com/watch?v=89ysXVYH2Sk (one more reason to hate Webp)
Quick example by John Hammond: https://www.youtube.com/watch?v=JBIbL8zwZOs
Some image formats will ignore junk data after the image. So you can probably run cat image.png message.txt to embed text in image files, although I haven’t tried this myself.