Since the beginning of time, men have sought ways to secretly convey messages.

This led to the development and use of ancient cryptographic tools like Skytale and Atbash.

Perhaps, none of these tools or methods have remained in use for as long as steganography.

Surprisingly, it has morphed with technology since medieval times and is still a powerful tool.

So, what is Steganography?

Steganography is the method for hiding some kind of communication – be it a file, an image, a video, or an audio file – inside of another file. These harmless looking files conceal valuable data without any noticeable degradation of the host files’ quality.

That’s the short version.

Now, let’s take a deeper look into steganography, specifically looking at image steganography.

Steganography Techniques

There are several methods for digital steganography.

However, to understand them, you first need a basic understanding of how images are composed.

Images are made up of pixels right?

And those pixels are made up of bits.

Typically, these pixels are made up of 1 byte (8bits) for black and white images and 3 bytes (24 bits) for color images.

Now for computers, those bits have a binary digit value.

0 or 1

This brings us to the first method of steganography:

Least Significant Bit Method

Least Significant Bit (LSB) steganography takes advantage of the bits in binary.

This method of steganography works because of the bit structure of images.

You see:

If you change the last bit in the binary, no visible change is noticed.

That’s because the bit in the last place doesn’t have that much weight compared to everything else.

Here’s what I mean:

If you had 78,652,165 (8 places worth) of marbles, would you notice if I added or took one?

Probably not.

LSB steganography, therefore can change that last bit to be the message that is hidden.

Sometimes, if the hidden message is very large, the last two bits will be taken for the message.

That, however, can lead to image degradation.

Let’s look at an example.

We want to encode this message via steganography:


And the first byte of the image pixel is:


And we’re going to be using the two least significant bits.


Nothing needs to change, right?

Ok, the next part of the message – 11.

The next byte in the image is


In this case, we only have to change one bit.

Not even much change to the image.

We could continue, but you get the point right?

Changing the least significant bit or two has little effect on the image.

However, because it’s such a common method, researchers have begun developing a number of tools to detect the use of LSB steganography.

Thus, another form of steganography was developed:

JPEG Discrete Cosine Transform Steganography

This method of steganography is a fair bit more complex that LSB.

No worries:

I’ll make it super simple for you.

Let’s start with an understanding of Discrete Cosine Transform in image compression.

So, the cosine method of image representation uses cosine waves to represent images.

We can take two cosine waves and merge them together also.

This is what happens when an image is compressed.

But we don’t want a single weight of compression all the time do we?

In Photoshop, for an example, you can select what level of compression you want.

That means we can select the weight that each cosine wave has when we merge them.

One may be more and the other less.

Now, there are 64 basic cosine combinations that make up every image.

If you take a block of your image

Say 8 pixels by 8 pixels, you can determine the “weight” that each pixel gives to the overall image.

That weight is the coefficient

To be super simple, we’ll skip all the technicalities of calculating that coefficient.

However, what you need to know is that the blocks with lesser influence on the main image are bits that can get the hidden message added to them.

And overall, this method of steganography causes much less degradation to the image.

Steganography Attacks

It’s a known fact:

Cybersecurity and cybercrime is a constant game of cat and mouse.

And there doesn’t appear to be any end in sight to that.

Attackers’ use of steganography is a perfect example of this.

A typical cyber attack would work something like this:


The attackers gain a foothold on a network.

They then pivot that foothold and seek to gain access to more valuable assets.

Once they find the data they want, they begin exfiltration.

Usually, this is to a command and control server of some form.

The problem is that security analysts and systems can usually detect this kind of behavior if alerts are properly configured.

To get around this, cyber criminals have begun making use of steganography a lot more recently.

In fact:

Kaspersky Labs has caught several attacks in the past few years where attackers were using steganography to exfiltrate data clandestinely.

The problem:

We don’t have the tools to detect these kinds of attacks.

Hidden Malware

There has also been an increase in the use of steganography to hide and distribute malware.

In fact, numerous attacks in the past few years have hidden malicious code inside of images.

For example:

The Stegoloader malware is a sophisticated piece of malware that hides its payload in images.

When the malware is first deployed, only the main module is installed.

It then runs several tests to be sure that it is not in a sandbox or analysis environment.

If so, it terminates itself.

Otherwise, it begins the process of downloading and installing more modules.

And this is where stego comes in.

The first module that is downloaded comes in an image.

Researchers at Dell’s SecureWorks found that this image which came from a valid hosting provider had the malware hidden in the least significant bits.

The malware continues to download modules and report to the command and control server as needed.

And this is only one example of several of the last few years where attackers have used images to ferry malicious payloads.

Kind of scary when we don’t really have systems capable of recognizing it, right?


As you can see, cybercriminals are smart and adaptive individuals.

Researchers work on developing tools and systems to identify attack methods, and attackers are forced to adapt and develop new methods of attack.

Steganography is one of those attack methods that security researchers are working to conquer.

Unfortunately, they haven’t yet.

Thus, attackers are adapting and using it to their advantage.

Hopefully, in the future, this will change.

For now, steganography remains a powerful method of concealing messages and data.

Leave a Reply

Your email address will not be published. Required fields are marked *

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
[email protected]

Store Hours
Mon - Sun 09:00 - 18:00

121 Resources for you to:

Learn & Master Cyber Security
Send Me the PDF
Get the Exclusive Bonus
Privacy Checklists and My Favorite Resources

Get Instant Access! 
Your information will never be shared

Reasons to Subscribe to the CyberX Email List:


 1. Free Stuff 
You'll get instant access to free resources. 

 2. Content Tailored to You 
Over time, Ill get to learn more about you and deliver content that actually matters

 3. No Hype 
Just real content that's meant to make a difference. 


Download the PDF Version Of This Guide

Want to save this guide for later? I'll email you the PDF for free. 

Would the SMB Cybersecurity Plan Be Helpful?

Do you want a proven plan for security for your SMB? How about a logical plan for reducing the risk of breaches?
Pivot To Infosec Virtual Summit - Are you wanting to pivot to infose?
Check Out Free Event