If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code.
This technique is still in use. Let us show you a recent example.
This code was found at the beginning of a malicious script that steals PayPal security tokens.
As you can see, it reads “EXIF data” from a pacman.jpg image hosted on Google’s servers, probably uploaded using a Blogger or Google+ account.