New Steganographic Malware Hides in JPEG Files to Spread Infostealers

A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files.

This sophisticated campaign involves luring users into downloading obfuscated JPEG files that contain hidden malicious scripts and executables.

Once these files are executed, the malware targets the extraction of sensitive credentials and data from browsers, email clients, and FTP applications.

The malware then triggers a series of events that lead to the download of additional payloads, including customized infostealer tools such as Vidar, Raccoon, and Redline.

Detection and Protection Measures

Symantec has identified this threat and offers protection through various detection mechanisms.

The malware is identified by indicators such as ACM.Ps-Base64!g1, ACM.Ps-Http!g2, ACM.Ps-Wscr!g1, and ACM.Wscr-Ps!g1, which are part of adaptive-based detection systems.

Additionally, VMware Carbon Black products block associated malicious indicators, recommending policies that prevent the execution of known, suspect, and potentially unwanted programs (PUPs), while also leveraging cloud scan capabilities for enhanced protection.

Symantec’s email security products and Email Threat Isolation (ETI) technology provide an extra layer of protection against email-based threats.

File-based detection includes identifiers like CL.Downloader!aat171 and ISB.Downloader!gen80, which help in identifying and mitigating the malware.

Machine learning-based systems, such as Heur.AdvML.B, further enhance detection capabilities by identifying advanced threats.

Web-based protection is also in place, covering observed domains and IPs under security categories in WebPulse enabled products.

Impact and Recommendations

The use of steganography in malware distribution highlights the evolving sophistication of cyber threats.

Users are advised to be cautious when downloading files, especially images, from untrusted sources.

Implementing robust security measures, such as those offered by Symantec and VMware Carbon Black, can significantly reduce the risk of infection.

It is crucial for organizations and individuals to stay updated with the latest security patches and to use advanced threat detection tools to combat such stealthy attacks.

By understanding the tactics used by these malware campaigns, users can better protect themselves against the theft of sensitive information.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free