Gyazo Hides Malware?
Recently I was made aware of an issue with the popular screenshot sharing app, Gyazo. An individual I follow on Twitter found some malware hiding in their Gyazo folder that appeared to take on the name of one of the applications itself. Interesting, I thought. Is it the app itself that's considered malware, or is it something else entirely?
False Alarm! GyazoGIF.exe is a legitimate program.
Screenshot sharing apps may be a new attack vector for malware.
Gyazo itself isn't malware, and it was determined that that specific incident was a false positive on the part of Malwarebytes, which has since updated to no longer flag it as malware. But it does pose a number of interesting questions about such apps, and about embedded pictures and picture links in general.
In fact, using pictures to run scripts and inject programs for nefarious purposes isn't a new venture either. There was a group spreading such activity around 4Chan some years ago, where you had to download and save a picture as something else, which resulted in a script being run that downloaded a trojan in the background. Even steganography, the hiding of information within a picture itself, is sometimes used as a way to hide malicious configuration files for other malware to read, and it certainly can also hide larger files, but that doesn't mean that that bit of code actually gets executed.
Permissions, and a way to have it executed, are the obstacles for such things. But those aren't necessarily that limiting in this day and age. Exploits are, after all, exploits of things not necessarily thought of as being such.
I tried sending a steganographically hidden file embedded in a PNG through Gyazo to see what would happen. The original PNG was 928KB and with the payload it was 1.2MB. That isn't necessarily an unusual size for a PNG either. Once sent through Gyazo the size increased, interestingly, to 1.42MB. I was not, however, able to recover the hidden file, which was just the Java version of Linpack. So something does indeed happen on the server side of Gyazo that prevents the injection of malicious software itself. I would have assumed compression, though the size increase is somewhat telling.
But what about other methods? Peter Gramantik, a security researcher from Sucuri, found a photo in July 2022 that used its own EXIF data to store code and to facilitate its execution. In fact, a simple script that calls home and downloads another, far more damaging piece of software is absolutely technically possible and even probable. EXIF data isn't modified by Gyazo.
There was a vulnerability quite some time ago that dealt with how metadata inside the PNG file format was read by Windows. This accidentally allowed arbitrary code to be executed without any permission on the part of the user. So a picture viewing program could indeed read that EXIF data and then execute that code. Technically.
The most likely scenario is simply having configuration and scripts available, though hidden, to be read by an already installed piece of malware. The ZBOT malware used this approach. There were pictures of sunsets and kittens that provided direction to ZBOT, though it was already installed via other means.
So no, Gyazo isn't malware, and it's not necessarily likely to be spreading any self-executing pictures in the near future, but that doesn't mean it isn't possible either.
With proper controls in place, there should be nary a worry. Making sure UAC is enabled (or that you have to specifically grant admin rights in any other OS) should prevent arbitrary code from being able to run. That, and having good AV software and surfing smart.
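A defender's first check for the two tricks described above (a payload appended after the image data, and configuration or scripts stashed in the metadata chunks) is to walk the PNG chunk list rather than trust the file size. The following is an added example, not code from the original post or from Gyazo; it builds a constructed 1x1 PNG so it runs offline, and reports trailing bytes after IEND, how much text/EXIF metadata the image carries, and any chunk whose CRC does not match its contents.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types that carry free-form metadata (comments, EXIF) rather than pixels.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"eXIf"}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(appended: bytes = b"") -> bytes:
    """Constructed sample: a valid 1x1 greyscale PNG with a tEXt chunk,
    optionally with extra bytes glued on after IEND (the 'hidden file' case)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grey, no interlace
    idat = zlib.compress(b"\x00\x80")                     # filter byte + one pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00constructed sample")
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + appended)


def inspect_png(data: bytes) -> dict:
    """Walk the chunk list and report what a defender wants to know:
    bytes after IEND, total metadata chunk size, CRC mismatches, truncation."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, chunks, bad_crc, metadata_bytes, truncated = len(PNG_SIG), [], [], 0, False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):      # declared length runs past end of file
            truncated = True
            break
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            bad_crc.append(ctype)
        if ctype in METADATA_CHUNKS:
            metadata_bytes += length
        chunks.append(ctype)
        pos += 12 + length
        if ctype == b"IEND":                   # anything after this is not image data
            break
    return {"chunks": chunks, "metadata_bytes": metadata_bytes, "bad_crc": bad_crc,
            "truncated": truncated, "trailing_bytes": max(0, len(data) - pos)}
```

A non-zero `trailing_bytes` or an unusually large `metadata_bytes` is not proof of malice, but either is a reason to quarantine the file and look closer.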
Source: https://wccftech.com/gyazo-hides-malware/
Posted by: dominguezhatook.blogspot.com