Python software project designed to detect and sanitize malware within PNG images

paulmuenzner/image-malware-detection-and-sanitization

Image Malware Detection and Sanitization

Stegosploit - Hidden Code - Structure Validation

About The Project

In today's rapidly evolving digital landscape, the exchange and download of images have become an integral part of our online experience. From social media platforms to web content, images are shared and downloaded at an unprecedented rate. However, amidst this convenience and visual richness, there exists a subtle and often overlooked danger – the hidden risks concealed within seemingly harmless images.

This Python software project is designed to detect and sanitize malware within PNG images. Malicious code embedded in images can pose a serious threat. This software project aims to provide a robust solution for identifying and cleaning such threats. It is currently in the development phase, with ongoing efforts to enhance its capabilities.

Current Features:

  • File extension validation, which serves as a foundational (if weak) security measure.
  • Validation of the PNG signature and of the IEND trailer, so that excess data placed before the signature or after IEND is detected.
  • Validation of how many times each chunk type occurs.
  • Verification of the order and arrangement of chunks relative to each other.

Development Phase:

Planned code sections include additional PNG analysis features to cover various ways in which malicious code can be hidden. This encompasses:

  • CRC validation of each chunk,
  • validation of the space between PNG chunks (as code can be concealed there),
  • sanitization methods such as deleting textual chunks (tEXt, zTXt, iTXt),
  • gamma modification as a further sanitization measure, to thwart potential stegosploit implementations.

Note on Animation Chunks: The usage of animation chunks like acTL (Animation Control Table) and fcTL (Frame Control) or fdAT in PNG files is relatively uncommon. PNG primarily serves as a format for lossless static images, and other formats like GIF are more widely used for animations.

Purpose

Many users, while enjoying the visual content, may not be fully aware of the potential threats lurking beneath the surface. Malicious actors take advantage of the unsuspecting nature of users, exploiting the widespread use of images as a vector for cyber threats. These actors employ sophisticated techniques to embed harmful code within images.

The goal of these malicious activities is to compromise systems and gain unauthorized access to sensitive information. By incorporating malicious code within an image file, attackers can exploit vulnerabilities in software, execute unauthorized commands, or facilitate the distribution of malware. The very images we share, download, and interact with on a daily basis may harbor concealed dangers that can lead to significant cybersecurity breaches.

This digital era demands heightened awareness and vigilance among users to recognize the potential risks associated with seemingly innocuous images. As technology advances, so do the methods employed by cybercriminals, making it crucial for users to understand and mitigate these risks. This Python project, with its focus on image malware detection and sanitization, plays a pivotal role in addressing these challenges by providing users with a tool to safeguard against hidden threats in their digital visual content.

Use Cases

  1. Web Security: preventing malicious PNG images from being uploaded to websites, protecting users from potential exploits.
  2. Email Security: scanning and sanitizing PNG attachments in emails to block malware and enhance overall email security.
  3. Content Management Systems (CMS): integrating malware detection to ensure that PNG images uploaded to CMS platforms do not contain harmful code.
  4. Digital Forensics: analyzing PNG images as part of digital forensics investigations to identify and neutralize potential threats.
  5. Secure Image Hosting: ensuring that PNG images hosted on platforms are free from malware, creating a secure environment for users.
  6. Social Media Security: implementing checks to verify the integrity of PNG images shared on social media platforms to prevent the spread of malicious content.
  7. Endpoint Security: detecting and removing malware embedded in PNG images to secure individual devices and endpoints.
  8. E-commerce Platforms: safeguarding e-commerce platforms by scanning product images to prevent the distribution of malware.
  9. Threat Intelligence: providing valuable threat intelligence by analyzing patterns and characteristics of PNG malware for broader security awareness.
  10. Mobile App Security: verifying PNG images used in mobile applications to prevent potential security vulnerabilities.
  11. Cloud Storage Security: integrating with cloud storage services to ensure that PNG images stored in the cloud are free from malware.
  12. Government and Defense: employing PNG image malware detection for secure communication and information sharing within government and defense sectors.
  13. Educational Platforms: protecting educational resources by scanning PNG images used in online courses and educational materials.
  14. Software Development Repositories: scanning PNG images within code repositories to maintain the integrity and security of software projects.
  15. Embedded Systems Security: verifying PNG images used in embedded systems to prevent potential security risks in IoT devices and other embedded applications.

Roadmap

  • ✅ Validate the file extension (of very low significance on its own)
  • ✅ Detect likely malicious excess data positioned before the PNG signature or after the IEND chunk
  • ✅ Validate that each chunk type occurs the permitted number of times
  • ✅ Validate the arrangement and order of PNG chunks
  • ✅ Create test cases for the 13 functions located in the "utils" folder and ensure their proper implementation and functionality
  • ⬜️ Create test cases for all functions located in the "services" folder and ensure their proper implementation and functionality
  • ⬜️ Validate the declared length of each PNG chunk that appears
  • ⬜️ Validate the space between PNG chunks
  • ⬜️ As a precaution, remove tEXt, zTXt and iTXt chunks from the image (a potential malware carrier)
  • ⬜️ Apply gamma modification to destroy potential stegosploit payloads
  • ⬜️ Add support for other file types such as JPEG, SVG, WebP or GIF
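The checks listed under Current Features and in the Roadmap (signature, data behind IEND, chunk counts, chunk order, CRCs) and the planned tEXt/zTXt/iTXt stripping, as an added stand-alone example in Python; this is not the project's own code, and the 1x1 sample image is constructed inline rather than taken from the repository:

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ONCE_ONLY = (b"IHDR", b"PLTE", b"IEND", b"gAMA", b"tRNS")  # chunk types permitted at most once
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}                  # ancillary chunks the sanitizer drops

def parse_chunks(data):
    """Walk the chunk stream. Returns ([(type, payload, crc_ok), ...], offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    chunks, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):                      # 4-byte length + 4-byte type + 4-byte CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data): raise ValueError(f"truncated {ctype!r} chunk")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        chunks.append((ctype, body, (zlib.crc32(ctype + body) & 0xFFFFFFFF) == crc))
        pos += 12 + length
        if ctype == b"IEND": break                    # anything after IEND is excess data
    return chunks, pos

def validate(data):
    """Return a list of findings; an empty list means every structure check passed."""
    chunks, end = parse_chunks(data)
    types = [c[0] for c in chunks]
    findings = [f"CRC mismatch in {t.decode()}" for t, _, ok in chunks if not ok]
    if end != len(data):                              # bytes hidden behind IEND
        findings.append(f"{len(data) - end} trailing bytes after IEND")
    if types[:1] != [b"IHDR"] or types[-1:] != [b"IEND"]:
        findings.append("IHDR must be the first chunk and IEND the last")
    findings += [f"{t.decode()} appears {types.count(t)} times" for t in ONCE_ONLY if types.count(t) > 1]
    if b"PLTE" in types and b"IDAT" in types and types.index(b"PLTE") > types.index(b"IDAT"):
        findings.append("PLTE appears after IDAT")
    idat = [i for i, t in enumerate(types) if t == b"IDAT"]
    if idat and idat[-1] - idat[0] + 1 != len(idat):  # IDAT chunks must be consecutive
        findings.append("IDAT chunks are not contiguous")
    return findings

def build_chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)
def strip_text_chunks(data):
    """Sanitize: rewrite the file without tEXt/zTXt/iTXt chunks and without anything behind IEND."""
    chunks, _ = parse_chunks(data)
    return PNG_SIG + b"".join(build_chunk(t, b) for t, b, _ in chunks if t not in TEXT_CHUNKS)

# Constructed 1x1 greyscale sample (not a file from the project); TAMPERED_PNG adds bytes after IEND.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
GOOD_PNG = (PNG_SIG + build_chunk(b"IHDR", IHDR) + build_chunk(b"tEXt", b"Comment\x00ok")
            + build_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + build_chunk(b"IEND", b""))
TAMPERED_PNG = GOOD_PNG + b"TRAILING"
```

`validate(TAMPERED_PNG)` reports the eight trailing bytes, and `strip_text_chunks(TAMPERED_PNG)` yields a file with only IHDR, IDAT and IEND that validates cleanly.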

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

Contributions are more than welcome! See CONTRIBUTING.md for more info.

License

Distributed under the GNU General Public License v2.0. See LICENSE for more information.

Contact

Paul Münzner: https://paulmuenzner.com

Project Link: https://github.com/paulmuenzner/image-malware-detection-and-sanitization
