Security News > 2021 > March > Twitter images can be abused to hide ZIP, MP3 files — here's how
In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.
Although the art of hiding non-image data in images isn't novel, the fact that the images can be hosted on a popular website like Twitter and are not sanitized opens up a possibility for their abuse by malicious actors.
An image that sings.... Yesterday, researcher and programmer David Buchanan attached example images to his tweets that had data such as entire ZIP archives and MP3 files hidden within.
Although the attached PNG files hosted on Twitter represent valid images when previewed, merely downloading and changing their file extension was enough to obtain different content from the same file.
Steganography techniques are often leveraged by stealthy threat actors as they enable them to hide malicious commands, payload, and other content in ordinary-looking files, such as images.
Because Twitter may be considered a safe host by network monitoring systems, malware distribution via Twitter using such image files remains a viable method for bypassing security programs.