‘Stegobot’ Steals Passwords, Credit Card Data from Facebook Pics

Take a look at your Facebook photo. Seems innocent enough, right? Well, what if behind the photo, hidden in kilobytes of data and totally invisible, was a list of all your passwords and even your credit card number?

It’s terrifying — and as with most advanced computer hacking techniques, it’s entirely possible.

Researchers from the University of Illinois at Urbana-Champaign and the Indraprastha Institute of Information Technology in New Delhi, India designed Stegobot, a proof-of-concept botnet that attaches to Facebook profiles, and more specifically, and dangerously, steals victims’ confidential information, such as online banking and email passwords, through their Facebook pictures.

The researchers developed Stegobot to show how easy it would be for a hacker to use Facebook photos to sneakily spread large-scale online attacks.

[‘Shocking’ Facebook Video Ends Up Owning Your Computer]

After gaining access to computers though the usual channels — infected attachments or redirects to malware-laden websites — Stegobot employs the technique of steganography to hide data in picture files without altering the picture’s appearance, NewScientist explained.

That means the photo of you and your friends on the beach might be more revealing than you’d hoped.

It’s possible, if Stegobot got its hands on it, that the traditional 720 by 720 pixel image could be harboring 50 kilobytes of data — plenty of space to hide and “transmit any passwords or credit cad numbers that Stegobot might find on your hard drive,” NewScientist wrote.

As if the prospect of a computer harvesting your private financial data through your Facebook pictures wasn’t scary enough, Stegobot can lurk in the shadows of your pictures and covertly infect all your Facebook friends.

After the botnet hides your personal information in a photo and a friend views your Facebook page, their computer becomes infected. They don’t even have to click on the corrupted photo for Stegobot to go to work.

From there, the masses of stolen data makes their way back to the botnet operator, who can extract the payload from each picture and can use it in whatever devious manner he wishes.

Thankfully, Stegobot only exists in a lab. For now.

Article provided by SecurityNewsDaily, a sister site of Laptopmag.com.

Email* (will not be published)
*Indicates required field
Submit Comments

All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options