What is Steganography?
Steganography is the practice of concealing information or messages, whether private or public, within other non-secret text or data.
The technique of hiding text data inside an image’s source code is known as steganography. Because it is very difficult to insert text into an image’s source code without corrupting the actual image file, the technique is not that common among hacking groups, although hackers are rapidly switching to it. A careful security researcher who opens the file could easily notice something strange and inspect the image in a text editor. Because of this, very few attackers employ these tactics.
What is actually happening?
Images resemble any other product photo
The most interesting fact is that this image was related to products sold on the victim website. Most website owners who came across such an image and opened it to make sure it worked would see nothing unusual. At this point, the attacker only had to access this image, then download it and extract the data found at the end of the JPG’s source code. If the website owner had inspected the site’s logs for suspicious activity, he would have seen only “another” site visitor downloading “another” image. This happens thousands of times per hour.
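A check a site owner could run over the images a site serves, as an added example that is not part of the original article: it walks the JPEG segment structure to the end-of-image (EOI) marker and returns any bytes stored after it. The function names and sample bytes are constructed for illustration; the sample is structurally minimal and not a decodable picture.

```python
import struct

RST = set(range(0xD0, 0xD8))          # restart markers RST0-RST7
STANDALONE = {0x01} | RST             # markers that carry no length field
IN_SCAN = {0x00, 0xFF} | RST          # byte stuffing, fill bytes, restarts

def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte in front of a marker
            pos += 1
        elif marker == 0xD9:           # EOI: the image ends here
            return pos + 2
        elif marker in STANDALONE:
            pos += 2
        else:
            if pos + 4 > len(data):
                raise ValueError("truncated segment header")
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + length
            if marker == 0xDA:         # SOS: skip the entropy-coded scan data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def trailing_data(data: bytes) -> bytes:
    """Return whatever is stored after the end of the image (b'' if clean)."""
    return data[jpeg_end_offset(data):]

# Constructed sample bytes (assumption for this example, not from the article).
SAMPLE_IMAGE = (
    b"\xff\xd8"                                      # SOI
    b"\xff\xe1\x00\x06\xff\xd9AB"                    # APP1 whose payload holds FF D9
    b"\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd0\x56"  # SOS + scan data
    b"\xff\xd9"                                      # EOI
)
APPENDED = b"constructed appended text\xff\xd9"      # constructed trailing bytes

if __name__ == "__main__":
    print(trailing_data(SAMPLE_IMAGE))
    print(trailing_data(SAMPLE_IMAGE + APPENDED))
```

Walking the segments matters because a plain search for `FF D9` stops too early on an embedded thumbnail and too late when the appended bytes contain the same sequence. A non-empty result is a reason to inspect the file rather than proof of tampering, since some cameras and editors also store data after EOI.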
An interesting evasion