Security News > 2021 > March > Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter

A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity.

Specifically, Buchanan demonstrated how he could hide both MP3 audio files and ZIP archives within the PNG images hosted on Twitter.

The reason he was successful is because while Twitter strips unnecessary data from PNG uploads, they don't remove trailing data from the DEFLATE stream inside the IDAT chunk if the overall image file meets the requirements to avoid being re-encoded, he explained.

There are some requirements for both the images used to obscure files and the files being hidden inside them for his method to work, Buchanan explained.

For embedded files, the total output file size must be less than potentially 5MB, but kept under 3MB to be on the safe side, otherwise Twitter will convert the PNG to a JPEG file, Buchanan explained.

The original 6KB image Buchanan tweeted with the declaration of his finding-once opened and its file format changed to ZIP-contained an entire ZIP archive with his source code that anyone can use to pack miscellaneous contents into a PNG image, according to the report.

News URL

https://threatpost.com/researcher-hides-files-in-png-twitter/164881/