Writing in 2017, one of the authors of this article noted that, “Social media networks represent the largest, most dynamic risk to organizational security and allocating liability.” Unfortunately, with the growth of social media networks since then, this threat has only increased. First identified in 2016, this risk combines digital image steganography and social media in the corporate environment. While neither steganography nor social media are new, it is novel to combine both as a tool for malware distribution.
What is Instegogram?
This scheme, known as “Instegogram,” is the use of social networks, Instagram in particular, as a threat actor’s command-and-control site. Instegogram is unique in that “once the remote system is compromised, encoded images can be posted from the command machine using Instagram’s API. The remote system will download the image, decode it, execute the encoded commands, encode the results in another image, and post back to Instagram.” Instegogram was created for academic purposes, but its potential use as part of a malware attack poses the question of who would be liable for such an attack.
