Steganography attacks on PHP sites

A steganography attack last seen in 2013 is being brought back to attack PHP sites that allow images to be uploaded. As Threatpost explains, “PHP has a built-in function for extracting that image EXIF metadata and reading it — for instance, as an accessibility feature for the visually impaired.” So an attacker can put PHP code in the image file’s EXIF fields to get the malware uploaded to the website.

The Threatpost article goes on to state that PHP’s EXIF-reading functionality is so commonplace in website toolkits that this attack is an easy task for the PHP-savvy.

To protect themselves, website owners can first and foremost scan for PHP tags in image files; if present, the images should be examined. Disabling image uploads if they’re not strictly necessary would also of course mitigate the threat.
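One way to run the scan described above, as an added example that is not from the original post or from Threatpost: it walks an upload directory and reports which images contain a PHP open tag, naming the JPEG metadata segment (EXIF, IPTC, comment) where it sits. The function names, the extension list and the sample bytes are assumptions made for this sketch.

```python
import os
import re
import struct

# "<?php" and "<?=" open tags. A bare "<?" is skipped: those two bytes turn up
# by chance in compressed image data and would flood the report.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)
SEGMENT_NAMES = {0xE1: "APP1 (EXIF/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")  # assumed upload whitelist

def jpeg_segments(data):
    """Yield (marker, payload) for each JPEG header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        return
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker == 0xDA or length < 2:  # start of scan, or corrupt length
            break
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_image(data):
    """Return where a PHP open tag appears; falls back to a raw scan for non-JPEG data."""
    findings = [SEGMENT_NAMES.get(m, "segment 0x%02X" % m)
                for m, payload in jpeg_segments(data) if PHP_TAG.search(payload)]
    if not findings and PHP_TAG.search(data):
        findings.append("raw bytes")
    return findings

def scan_tree(root):
    """Map path -> findings for every image under root that needs examination."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(IMAGE_EXTS):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    found = scan_image(fh.read())
                if found:
                    hits[path] = found
    return hits

def seg(marker, payload):  # builds one JPEG segment for the constructed samples
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: a bare JFIF header, and the same with a tagged EXIF segment.
CLEAN = b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9)) + b"\xff\xd9"
TAGGED = CLEAN[:-2] + seg(0xE1, b"Exif\x00\x00<?php /* constructed */ ?>") + b"\xff\xd9"
```

Calling `scan_tree()` on the upload directory returns only the files that need a manual look; a hit in a metadata segment is a stronger signal than one in raw bytes.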

Threatpost
