The New Threats of Information Hiding: the Road Ahead
K. Cabaj, L. Caviglione, W. Mazurczyk, S. Wendzel, A. Woodward, S. Zander

TL;DR
This paper discusses the rising use of information hiding techniques by malware from 2011 to 2017 to evade security measures, highlighting the need for better detection and countermeasures.
Contribution
It provides a comprehensive overview of real-world malware exploiting diverse information hiding methods, emphasizing the increasing threat and current gaps in countermeasures.
Findings
Growing number of malware with data hiding capabilities
Lack of effective universal countermeasures
Focus on threats observed between 2011 and 2017
Abstract
Compared to cryptography, steganography is a less discussed domain. However, there is a recent trend of exploiting various information hiding techniques to empower malware, for instance to bypass security frameworks of mobile devices or to exfiltrate sensitive data. This is mostly due to the need to counteract increasingly sophisticated security mechanisms, such as code analysis, runtime countermeasures, or real-time traffic inspection tools. In this perspective, this paper presents malware exploiting information hiding in a broad sense, i.e., it does not focus on classical covert channels, but also discusses other camouflage techniques. Differently from other works, this paper solely focuses on real-world threats observed in the 2011 - 2017 timeframe. The observation indicates a growing number of malware equipped with some form of data hiding capabilities and a lack of effective and…
Taxonomy
Topics: Advanced Steganography and Watermarking Techniques · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
