
PixelCode began as a research project exploring a covert technique for storing binary data within images or videos. Instead of leaving a plaintext executable, the file is converted into pixel data, transforming each byte into a color structure. The technique changes the way we think about graphics and video files, treating them as potential carriers of binary data that do not expose their actual content.
The underlying concept is simple in principle but complex in implementation: converting an executable program into a visual map.
This “pixel code” can then be stored inside an image or video, making it seemingly harmless to traditional scanning tools that do not analyze visual content for executable data.

The project documents a multi-step process. The first step involves a C++ payload designed for command and control communications, compiled into a standard executable. This executable is not distributed as is, but converted into an MP4 video using a dedicated Python tool.
Once the video is generated with the “Pixel Code,” it can be uploaded to public platforms such as video sharing services. The playlist thus hosts a seemingly innocuous file, a random video, which actually contains binary data ready to be extracted.
The next step uses a C++ loader that includes the video URL. This loader, when run on a system, downloads the video and calls a small Python stager, also embedded in the loader, to convert the pixels back to the original bytes.

This technique opens up unusual scenarios: media files uploaded to trusted services can be used to transport data that eludes traditional security filters, which tend to focus on EXEs or explicit scripts. The underlying idea is that videos aren't subject to the same rigorous scanning as binary files.
Running the reconstructed payload in memory prevents potentially suspicious files from being written to disk, making detection and removal by antivirus or behavior detection systems difficult.
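A defender-side check for the scanning gap described above, as an added example that is not part of the PixelCode project: it flags frames whose adjacent pixels are statistically uncorrelated, as byte-derived pixel data tends to be, whereas natural footage is smooth. It assumes frames are already decoded to 2D grayscale lists with one byte per pixel; the function names, the 0.5 threshold and the sample frames (random bytes standing in for an encoded file) are constructed for illustration.

```python
import random
from statistics import fmean

def neighbor_correlation(frame):
    """Pearson correlation between each pixel and its right-hand neighbour."""
    left = [row[x] for row in frame for x in range(len(row) - 1)]
    right = [row[x + 1] for row in frame for x in range(len(row) - 1)]
    if not left:
        return 1.0  # no horizontal neighbours to compare
    ml, mr = fmean(left), fmean(right)
    cov = sum((a - ml) * (b - mr) for a, b in zip(left, right))
    var_l = sum((a - ml) ** 2 for a in left)
    var_r = sum((b - mr) ** 2 for b in right)
    if var_l == 0 or var_r == 0:
        return 1.0  # flat frame (e.g. all black): nothing noise-like
    return cov / (var_l * var_r) ** 0.5

def flag_frames(frames, threshold=0.5):
    """Indices of frames whose neighbour correlation falls below threshold."""
    return [i for i, f in enumerate(frames)
            if neighbor_correlation(f) < threshold]

# Constructed sample frames (64x64 grayscale), not taken from any real video.
W = H = 64
# Gradient: stands in for smooth, natural content.
SMOOTH = [[2 * x + y for x in range(W)] for y in range(H)]
# Seeded random bytes: stand in for pixels derived from file bytes.
rng = random.Random(1234)
NOISY = [[rng.randrange(256) for _ in range(W)] for _ in range(H)]
# All-black frame: zero-variance edge case.
FLAT = [[0] * W for _ in range(H)]

if __name__ == "__main__":
    for name, frame in (("smooth", SMOOTH), ("noisy", NOISY), ("flat", FLAT)):
        print(name, round(neighbor_correlation(frame), 3))
    print("flagged:", flag_frames([SMOOTH, NOISY, FLAT]))
```

Lossy MP4 compression and block-based encodings shift these statistics, so the threshold needs tuning against real footage before it is used as a triage signal.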

This project is not a real attack but a demonstration of research and awareness, used to highlight how unconventional techniques can be exploited for code delivery.
Towards the end of the paper, the authors emphasize that the technique is for educational and research purposes only, and should not be used in ways that violate any laws – and this is where S3N4T0R-0X0/Malicious-PixelCode comes in as an example of advanced research.
