Companies have been making employees aware of malware attacks. Employees know that they should not open executable files from strangers or insert USB thumb drives found anywhere. Videos, however, are something people open far more often, especially links to videos. Are employees aware that a video can deliver malware just as an email or a thumb drive can? I would expect them to be tricked into opening one.
It is high time that we start to focus on video malware, since video is the perfect bait for social engineering.
People normally assume that videos are safe. It has become the norm to open videos that are sent from person to person, and social media has conditioned the general public to open them. Good examples are Facebook, Instagram, YouTube, Snapchat, TikTok and other websites where you would normally watch or open videos, since they are designed to be addictive and funny. Viral videos are sometimes featured in the news. Other applications that publish videos are not excluded either.
Yes, it is addictive, and it is considered the digital drug of our modern times, a way to escape boredom and learn things. On top of that, ordinary people assume videos are safe. Cyber criminals are now capitalizing on this, since the general population believes videos are harmless. Even paranoid security people are likely to open and play videos from time to time.
The habit of watching videos, now mainstream in our culture, has paved the way for video malware. Cyber criminals are now able to embed code into video files, and embedding code within video files is likely to become a larger trend. If the embedded code becomes executable, it is considered stegware.
Numerous file formats, such as JPG, PNG and BMP, have been used to embed code for years. Videos are now slowly getting to that level.
It is hard to resist watching them. A common tactic cyber criminals use is a catchphrase such as “Are you in this video?”. People are mostly afraid of an embarrassing or compromising video of them spreading on the internet. Even educated and rational people would open a video or a link just to make sure. These lures are often sent via messaging platforms, where they seem to come legitimately from a friend or colleague.
It already began a few years ago (2014) with a malware called Trojan.FakeFlash.A. It would appear as a photo of a Facebook friend or show up in Facebook feeds. According to USA Today, it operated through feed posts with text implying that clicking would launch a highly personal video of that friend. This malware was able to infect 2 million systems all over the world.
Although these attacks from 2014 did not involve actual videos, they incentivized users to click on links or open files.
Newer vulnerabilities and attack vectors involve actual videos, which is the next step in the chain of evolution of video malware.
Trend Micro has observed samples in which malware is embedded into a Word document that contains a video. This is an easier way to insert malware because it can simply be added to an XML file in the Word folder. These files are easily modified so that when a victim opens the document and clicks on the video, the malicious code is executed.
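A defensive check for the Word case described above, as an added example that is not from Trend Micro or the original article: it inspects the XML parts under `word/` in a `.docx` and flags embedded-video markup that contains anything beyond a plain player frame. The `webVideoPr` element and its `embeddedHtml` attribute are the standard Word markup for online video and are not named on this page; the host allowlist, function names and sample documents are assumptions constructed for the demonstration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumption: the only hosts this organisation expects in an embedded online video.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}
ACTIVE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)
IFRAME_HOST = re.compile(
    r"<\s*iframe[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)

def audit_docx(data: bytes) -> list:
    """Return (part, reason) findings for embedded-video HTML in a .docx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in zf.namelist():
            if not (part.startswith("word/") and part.endswith(".xml")):
                continue
            raw = zf.read(part)
            if b"<!DOCTYPE" in raw:  # OOXML parts carry no DTD; refuse to parse one
                findings.append((part, "unexpected DTD"))
                continue
            for el in ET.fromstring(raw).iter():
                if el.tag.rsplit("}", 1)[-1] != "webVideoPr":
                    continue
                markup = el.get("embeddedHtml", "")  # the parser has unescaped it
                hosts = IFRAME_HOST.findall(markup)
                if ACTIVE.search(markup):
                    findings.append((part, "active content in embeddedHtml"))
                elif not hosts:
                    findings.append((part, "no iframe source in embeddedHtml"))
                for host in hosts:
                    if host.lower() not in ALLOWED_HOSTS:
                        findings.append((part, "unexpected video host: " + host))
    return findings

def make_docx(embedded_html: str) -> bytes:
    """Build a minimal constructed archive with one video element (demo input)."""
    ns = "http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing"
    root = ET.Element("document")
    ET.SubElement(root, "{%s}webVideoPr" % ns, embeddedHtml=embedded_html)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", ET.tostring(root))
    return buf.getvalue()

# Constructed samples: a normal embed, and one with markup appended after it.
CLEAN = make_docx('<iframe width="480" height="270" '
                  'src="https://www.youtube.com/embed/VIDEO_ID"></iframe>')
TAMPERED = make_docx('<iframe src="https://www.youtube.com/embed/VIDEO_ID">'
                     '</iframe><script>/* placeholder */</script>')
```

A mail gateway or triage script could call `audit_docx` on each attachment and quarantine any document that returns findings.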
Symantec also discovered another attack vector, called media file jacking, that enabled attackers to alter videos and images on both WhatsApp and Telegram, though fortunately not in a way that enabled code execution.
Yet another vulnerability was discovered in Android devices running versions 7-9 that could enable cyber criminals to execute code remotely via video-embedded malware. The only caveat is that the video needs to be sent directly, that is to say, via email. The reason is that if it gets uploaded to YouTube, for example, the video file gets re-encoded, which modifies the code and prevents it from working.
Google has issued a security update that fixed that flaw, and newer iterations of the Android OS are all patched. Unpatched devices, however, are still at risk, especially since the fix unavoidably advertised the vulnerability to threat actors.
There has been no reported exploitation of the vulnerability as of this writing, but it suggests previously unexpected possibilities in the realm of video malware.
With people becoming more and more comfortable with video files, it is not far-fetched that this trend might suddenly explode into more sophisticated stealth techniques that can target mobile devices. Malware developers might tap into this idea of smuggling malware into videos.
Most people would not expect some of the scariest threats to be lurking inside videos. Recent events show that video malware is an area of intense interest for malware social engineering (and now also software engineering).
Computer users love videos. They are addictive to watch, and people will open them. In the near future, it would be wise to think before opening videos that are sent directly to you.