This article presents a proof-of-concept illustrating the feasibility of creating a covert channel between a C&C server and a malware installed in an organization by exploiting an organization’s scanner and using it as a means of interaction. We take advantage of the light sensitivity of a flatbed scanner, using a light source to infiltrate data to an organization. We present an implementation of the method for different purposes (even to trigger a ransomware attack) in various experimental setups using:

https://arxiv.org/pdf/1703.07751.pdf