Researchers Develop Tool To Embed Malware In Instagram Pictures Through Steganography

Instagram has quickly become one of the most popular social media platforms in the world. All of the positive attention makes it a prime target for hackers and internet criminals, though. New attacks against the Instagram platform use steganography to embed malware into pictures viewed by millions of people. A worrisome development, but this may only be a sign of things to come.

Steganography Becomes A Tool For Malware Distribution

The concept of steganography is not new by any means, as it dates back to many years ago. What this solution does is take any image one may have, and allow the owner to embed a message or software code into the picture. To the naked eye this will appear to be yet another random picture, but it is an excellent way to bypass censorship or pass along messages hidden in plain sight.

Unfortunately, any form of technology can also be used for nefarious purposes. Security researchers developed a working proof of concept attack using steganography to spread malware. More particularly, they have successfully done so on the Instagram network, which is quickly becoming the top platform to share visual content and creations.

To make matters worse, there is a known Mac OS X vulnerability that can be exploited to make this an even bigger threat. Through this vulnerability, Mac users running version 10.11.5-6 of the OS are vulnerable to remote attacks just by looking at pictures on Instagram. A very worrisome development, to say the least, although a fix has been included in the latest Mac OS Sierra update.




Attackers can use steganography to establish a command and control channel to remotely control compromised devices. Since Instagram is used by millions of people all over the world, it is much easier to hide in plain sight. Distinguishing between legitimate network traffic and malicious activity is very difficult once these platforms become very popular.

Although this proof of concept was only meant as an educational tool, it is not unlikely that nefarious individuals are using this technology already. Although most people visit Instagram through a mobile device, that doesn’t make them less prone to malware attacks. Particularly, Android users should be careful of what they do on the Internet, as the operating system has been suffering from several security flaws in recent years.

By including a steganographic decoder in the malware code itself, a payload can be extracted from every downloaded image on a computer. This would allow for remote arbitrary code and command execution on the host computer. For now, it remains unclear if any similar attacks have been attempted by hackers and other Internet criminals who are looking to exploit the Instagram platform.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Leave a Reply