Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter
A new steganography method discovered by security researcher David Buchanan could be exploited by threat actors to spread malicious content inside .PNG image files shared on the social media platform Twitter. Buchanan detailed his discovery via Twitter earlier this week after exploring the technique, which effectively hides data inside Portable Network Graphics (PNG) files posted to Twitter.
Buchanan has made the source code for his method available via his Twitter and a post on GitHub that explains his techniques and methodology. Buchanan’s theory works through Twitter despite the fact that the social media platform strips unnecessary data from PNG uploads because they don’t remove trailing data from the DEFLATE stream. If the overall image file meets the requirements to avoid being re-encoded, Twitter doesn’t mess with most of the data.