Hackers hide in plain sight

A new technique for sharing stolen data is emerging: hackers obtain personal and financial data through data hacks, then share and send these details behind a ‘smokescreen’ by embedding the sensitive data in image files.


Online shopping is a convenient and easy way to shop: there is no need to leave the sofa, as your purchases are delivered straight to your home. However, as it becomes the preferred method of shopping, it’s inevitable that hackers will find innovative ways to obtain, collect and share your personal and financial details.

Although the credit card theft in this case is a simple matter of copying data input, it is the method of transferring the data that takes an interesting twist.

Malicious code takes credit card numbers or login details and sends them to the attacker’s email address or to a file accessible only by them. The image file smokescreen technique has been seen more and more recently. The attacker uses image files to hide stolen details from the website owner.

The image file doesn’t always contain a real image. However, because it looks just like an image file, no one really suspects it is anything different, least of all that it contains malware. This gives the attacker a secret, unsuspected place to store data; if the data were stored in plain text, it would be more likely to be discovered.
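As an added example (not from the original article or from ESET), here is a Python check a site owner could run over files with image extensions: it flags files that are not images at all and files that carry extra bytes after the image's end marker. The function names, the sample PNG and the card-style record are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAGIC = {".png": PNG_SIG, ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}

def png_end(data):
    """Offset just past the IEND chunk, or None if the chunk chain is broken."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + payload + 4 CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def jpeg_end(data):
    """Offset just past the EOI marker (FF D9), or None if it is never reached."""
    pos = 2  # skip SOI (FF D8)
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:
            return pos + 2
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # marker + segment
        if marker == 0xDA:  # SOS: skip entropy-coded data up to the next real marker
            while pos + 2 <= len(data) and (data[pos] != 0xFF or data[pos + 1] == 0
                                            or 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    return None

def inspect_image(name, data):
    """Return 'ok', 'not-an-image', 'malformed' or 'trailing-data:<bytes>'."""
    ext = name[name.rfind("."):].lower()
    if ext not in MAGIC or not data.startswith(MAGIC[ext]):
        return "not-an-image"
    end = png_end(data) if ext == ".png" else jpeg_end(data)
    if end is None:
        return "malformed"
    return f"trailing-data:{len(data) - end}" if len(data) > end else "ok"

# Constructed samples: a chunk-valid 1x1 PNG skeleton (no pixel data) and a made-up record.
def _chunk(ctype, payload=b""):
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))
CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + _chunk(b"IEND")
FAKE_RECORD = b"4111111111111111|12/30"  # well-known test card number, not real data

if __name__ == "__main__":
    for name, blob in [("logo.png", CLEAN_PNG), ("banner.png", CLEAN_PNG + FAKE_RECORD)]:
        print(name, inspect_image(name, blob))
```

A hit is a lead to investigate rather than proof, since some tools legitimately append data to images. Other containers such as GIF, and data hidden inside metadata segments or pixel values, are outside what this check covers.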

Mark James, ESET IT Security Specialist, explains the benefits of this new image technique, and how to protect yourself from being compromised.

“Once stolen, it’s fairly easy to identify credit card numbers in plain text files, as they are fairly unique in their structure. The bad guys are looking for ways to move this data without it being picked up by the average software scanning for those items.

“If you embed that information inside an image file, you have a fairly standard container that is seen in so many aspects of our digital world.

“Nobody takes any notice of an image file, especially if it actually displays the image with no problems; this would enable you to send those details to almost anywhere unhindered.

“Keeping your website safe against these types of hacks could be as simple as making sure your website is running the very latest version of its software.

“Keeping our systems up to date is very important in all aspects of our digital footprint, not just operating systems but the applications that are running on them.

“With so many avenues available for attack it’s imperative we monitor, maintain and update all the software we possibly can.

“If you’re unable to update due to manufacturers’ restraints then you should consider using an alternative program that does include regular updates.

“Attacks that are capable of returning an immediate gain like credit cards or financial information are always on the rise.

“The ability to see the fruits of your labours encourages new and better ways to hack those sites that hold this valuable information.”

Were you aware other information could be embedded in image files? Let us know on Twitter @ESETUK
