Do Son Recently, Sucuri security companies have noticed that hackers have hidden malicious code in the digital information of the image and then hosted on Google’s servers for remote calls.
This method is mainly used to avoid the probability of hackers using their servers to be discovered, that is, to improve the time when malicious code and scripts survive.
Google doesn’t have a security mechanism to detect whether a picture has malicious code, so if the researchers find that the estimated malicious code survives longer.
The security company is tracking down a malicious script trying to steal the account password of the PayPal security tokens, and it can also accept the attacker’s remote control.
However, after careful inspection, the researchers did not find the remote server of the hacker. The original script was to read picture information hidden on the Google server.
The hacker hard-codes the data and puts it in the image. After the researcher’s decoding, the script can upload pre-set malicious code and files.
If you successfully attack the website and get the account and password of the PayPal user account, the relevant information will be automatically sent to the hacker’s receiving mailbox by email.
Researchers say that using images to hide malicious code in the past few years is not new, but most anti-virus software does not scan the security of images.
Therefore, a hacker can upload a picture carrying the malicious code to a public server for a long time to accept the download. After all, the probability of being detected is quite low.
It is easy to detect an exception if it is downloaded via a traditional remote server, and a malicious script will not intercept the request to the Google domain.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
