Backdoor Trojan Ingeniously Hidden Within Joomla Logo

Security firm Sucuri that practices developing security software to benefit website operators recently unearthed one clever tactic of hackers who were capable of concealing backdoor Trojan inside as innocuous a place as the logo site of Joomla Content Management System (CMS), published softpedia.com dated November 4, 2015.

After using base64 to encode the backdoor inside it, the Trojan was included into the copyright pertaining to JPEG logo graphic of Joomla CMS, within the header of its EXIF data.

This graphic usually got exhibited through a .php file within which hackers further changed the code that carried Joomla's logo planted onto it, appending into it a function which ensured that CMS read as well as executed EXIF data of the graphic.

And whilst the above ensured the execution of the backdoor on contaminated websites, the task as well indicated itself as the telltale signal of the hackers' presence.

As different from other instances wherein the code was concealed within graphics, the current instance has attackers implanting the code of their backdoors within the JPEG document devoid of disfiguring the ultimate graphic.

The current instance isn't a lone one where security researchers have found malevolent code concealed within graphics.

During the middle of June 2015, investigators had found out one fresh modular malware sample which concealed its code within graphics with the aim for filching sensitive data.

The Counter Threat Unit of Dell SecureWorks elucidates that a malicious program called Stegoloader employed one method known as digital steganography with which it concealed its payload inside a graphic that otherwise looked harmless.

According to Pierre-Marc Bureau, Senior Security Investigator with Dell SecureWorks, the cyber-criminals responsible for the virus concealed one main constituent of the malicious program inside one PNG (portable network graphic) that got its hosting facility on one lawful website. Scmagazineuk.com published this during mid-June 2015.

Once run, the Stegoloader pulled down the main constituent after which it employed digital steganography for taking out the code placed inside the graphic. It never happens that the constituent gets saved to a compromised PC, implying it's extremely hard for spotting the malicious program with the usual tools.

» SPAMfighter News - 11/11/2015