Data Hiding Using Code Obfuscation

Digital transformation of many companies and government administrations, now accelerated by the pandemic, provides cybercriminals an increased opportunity of incorporating various types of information hiding techniques into the malicious software and by that perform different types of attacks. By leveraging data hiding methods, attackers can, e.g., exfiltrate confidential information, enable covert transfers between the compromised victim’s machine and an attacker-operated infrastructure, or stealthily transmit additional malicious tools. Furthermore, in the digital era, any type of digital channel can be exploited for data hiding, e.g., digital images, video or audio content, text, or network traffic. That is why it is of great importance to be acquainted with the different techniques that cybercriminals can utilize to design and introduce effective countermeasures and identify/eliminate these threats when they appear. Obfuscation is a popular technique in the software development domain which makes the code illegible and which protects the implemented algorithms and business logic from unauthorized disclosure. In this paper, we investigate whether code obfuscation can be abused for information hiding purposes. The core idea of the proposed information hiding method is to replace some randomly generated strings being a part of the introduced dead code with the encoded secret message. The performed experimental evaluation and obtained results confirm that such process can be easily adopted for data hiding, thus countermeasures need to be adjusted accordingly.