#Steganography

2025-06-16

More Steganography!

A malicious Excel file using steganography was analyzed, revealing embedded XLS sheets and a complex infection chain. The file downloads an HTA file that creates a BAT file, which in turn generates and executes a VBS file. The VBS file fetches a VBA script that creates and runs a PowerShell script. The PowerShell script downloads an image containing a hidden payload delimited by specific tags. The payload is a Base64-encoded PE file, which is decoded and executed as a DLL. The final payload appears to be a Katz stealer. This analysis highlights the use of multiple file types and steganography techniques to evade detection.

Pulse ID: 684da8c81baecf48b68eb91e
Pulse Link: otx.alienvault.com/pulse/684da
Pulse Author: AlienVault
Created: 2025-06-14 16:52:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Excel #InfoSec #OTX #OpenThreatExchange #PowerShell #RAT #Steganography #VBS #bot #AlienVault

2025-06-11

#Steganography en.wikipedia.org/wiki/Stegano... "the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination."

Steganography - Wikipedia

Ricardo Alves opqam
2025-06-10

🛠️ Built a couple of small Python tools:

One writes hidden messages into .ppm images using basic steganography.

The other extracts those messages back out.

It’s just a proof of concept—but feel free to explore or reuse if you're curious.

More details coming in my next blog post.

Just wanted to give a quick heads-up.

Happy poking. 🔍🐚

📎 You can grab them here:

github.com/OPQAM/MigratingCoco

Steffen Wendzel cdpxe@dju.social
2025-06-03

How to describe #steganography methods in a comparable and unified way to aid #replicability?

We combined pre-existing methodology into a single framework. New pre-print + online tool prototype (will get improved soon) on our website: patterns.omi.uni-ulm.de/news/

Full version of the paper and the online tool will be presented at the ARES'25 CUING workshop in August.

#replicability #steganography #covertchannels #informationhiding #infosec #cybersecurity #security #research

Steffen Wendzel cdpxe@dju.social
2025-05-31
Tadeusz Sikora TaS@mastodonczech.cz
2025-05-27

TIL ČSN standards have an invisible watermark. Okay then, I'll only misbehave for my own personal use.
#zsteg #steganography

Thomas Renkert🦞 thomasrenkert@hcommons.social
2025-05-23

The #OpenAI paper by Baker et al, "Monitoring Reasoning Models for Misbehavior and the Risks of Promoting Obfuscation" comes to a troubling conclusion: #LLM s with #reasoning or #ChainOfThought (#CoT) capabilities might learn to obfuscate their own CoT from human users if they are being penalized for displaying "wrong" (i.e. reward hacking or misalignment) reasoning.

As a result, OpenAI strongly advises against applying reward pressure "directly" onto the CoT of a model.

🤔 While that is certainly the right thing to do, how long will #AI take to figure out that *indirect CoT pressure* is being applied anyway and that it could circumvent these restrictions by obfuscating its own CoT? Maybe something like this will happen by accident or within an "evolutionary" self-improvement loop. Perhaps a sufficiently advanced model will realize that its own #neuralese serves as #steganography to hide its intents from humans anyway and keep its CoT in non-English?

source: cdn.openai.com/pdf/34f2ada6-87

If CoT pressures are used to improve agent capabilities or alignment, there may be no alternative approach to yield the same improvements without degrading monitorability. In the worst case, where the agent learns to fully obscure its intent in its CoT, we ultimately revert to the same model safety conditions that existed prior to the emergence of reasoning models and must rely on monitoring activations, monitoring potentially adversarial CoTs and outputs, or improved alignment methods. Model actions and outputs continue to grow in complexity, and we’ve demonstrated that even at their current capabilities, models can execute sophisticated reward hacks. In the near future, these models may become either too advanced or too widely used for humans to manually oversee. For this reason, we believe that CoT monitoring may become one of few tools we have for identifying latent misalignments, and it may be required that we avoid strong chain-of-thought optimization pressures entirely to guarantee we do not inadvertently cause CoT obfuscation.

Manuel Batsching mba@nerdculture.de
2025-05-22

I wonder if text-to-text #steganography could be used to "poison" #LLMs if all they can scrape from a website is nonsensical coverup text, while the actual text is decoded in the client's browser...

I think it's pretty cool that you can extract the picture of the cat from the picture of the trees. #steganography

Two leafless trees against a cloudy sky
Striped cat that looks like it is doing well
2025-05-15

Suggested applications for the Forschungsdatenzentrum (research data centre), take 384.

#Steganography #dataiscode #epa

nature.com/articles/s41467-024

2025-05-15

Could your npm packages be hiding more than code? One package used invisible Unicode to sneak in malicious commands—an eye-opening twist on cyber threats. How safe is your software supply chain?

thedefendopsdiaries.com/stegan

#steganography
#npmsecurity
#malware
#softwaresecurity
#cyberthreats

2025-05-05
2025-04-28

Check out this interesting article involving late-noughties DVD piracy, the Streisand effect and steganography. en.m.wikipedia.org/wiki/Illega #wikipedia #steganography

2025-04-24

Hongkiat: Hiding Secret Files in Images Using Steghide. “Ever wanted to hide sensitive information in plain sight? That’s exactly what steganography allows you to do. Unlike encryption, which makes data unreadable but obvious that something is hidden, steganography conceals the very existence of the secret data. Steghide is a powerful Linux tool that lets you embed any file into an image […]”

https://rbfirehose.com/2025/04/24/hongkiat-hiding-secret-files-in-images-using-steghide/

Neuronus Computing neuronus_computing
2025-04-14

🔐 Ever wondered how to hide a file inside a photo?

Discover Quantumography – a smart way to protect your data by embedding files inside images with zero trace. In our demo, we hide a private BTC key to show how powerful it is.

đŸŽ„ Watch now: youtu.be/OWx0I2T_vRY

Steffen Wendzel cdpxe@dju.social
2025-04-09

A Generic Taxonomy for #Steganography. Published today by ACM Comp. Surveys (CSUR). Joint-work w/ W. Mazurczyk, @lucacav, A. Mileva, @Jana_Dittmann, @kraetzer, K. Lamshöft, @THB_Security_Research, L. Hartmann, J. Keller, @TN_THB and @niosat

Paper: dl.acm.org/doi/10.1145/3729165

#infosec #surveys #taxonomy #informationhiding #covertchannels #stego

There's supplemental material available (just scroll down on the linked page). It also features the description method for steganography techniques.

DeadSwitch @ T0m's 1T C4fe TomsITCafe
2025-03-20

🔍 The hunt isn’t over.
The glitch still hides the key.

💀 If you thought you saw it all, think again.
The treasure remains
 buried in plain sight.

đŸ–Œïž Check the box and decode the secret:
👉 x.com/TomsItCafe/status/190264
