Steganography: new campaign spreads images containing malware

ANY.RUN, one of the leading interactive malware analysis platforms, has discovered a new and sophisticated cyber attack that uses images to spread malware.

The technique used, known as steganography, lets criminals hide malicious code inside seemingly harmless files, making it hard for traditional security tools to detect. As you might imagine, this malware distribution strategy is one of the biggest challenges facing cybersecurity experts.

The recently discovered attack appears to start with an ordinary phishing email containing either an attachment or a malicious link.

If the user opens the attachment, a Microsoft Office vulnerability (CVE-2017-11882) is exploited to download the malicious payload. If the user clicks the link instead, they are redirected to a website that asks them to download an archive file. This archive contains a Visual Basic Script (VBS) file with a misleading file name.

The new attack that uses steganography worries security experts

When the user opens the archive and runs the VBS file, it downloads an image file from a remote server. This image is not what it seems: it contains malicious code embedded within it using steganography.

The VBS script then extracts and executes this hidden code, infecting the user's system with various malware. Experts have identified some infamous families here, such as AgentTesla, AsyncRAT, NjRAT, Dtloader and Remcos. These payloads can perform a range of malicious actions, such as stealing sensitive information, taking control of the infected system, and downloading additional malware.
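The article does not say how the code is embedded in the image, but a pattern that analysts commonly see in campaigns of this kind is a payload simply appended after the image's end-of-stream marker, where image viewers ignore it. Below is a defender-side check for that pattern, written as an added example for this article; it is not ANY.RUN's detection tool and not code from the campaign. It walks the PNG chunk list or the JPEG marker segments to find the real end of the image and flags anything that follows, and it handles two edge cases a naive byte search gets wrong: a stuffed `FF 00` inside scan data and an `FF D9` inside an APP1 (EXIF thumbnail) segment. The sample images are constructed in the script, and the assumption that hidden code sits after the image end is the author's; pixel-level (LSB) embedding would not be caught by it.

```python
"""Heuristic scanner for images with data appended after the end-of-image marker.

Added example for this article, not ANY.RUN's code. Assumes the appended-payload
style of steganography; LSB/pixel embedding is out of scope for this check.
"""
import base64
import binascii
import re
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
# A long run of base64 alphabet is the usual shape of a hidden script or binary.
B64_RE = re.compile(rb"\A[A-Za-z0-9+/]{32,}={0,2}\Z")


def png_trailer(data: bytes) -> bytes:
    """Walk the PNG chunk list; return whatever follows the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4  # chunk header + data + CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk")


def jpeg_trailer(data: bytes) -> bytes:
    """Walk JPEG marker segments (skipping entropy-coded scan data and any
    FF D9 buried inside APPn segments such as EXIF thumbnails); return bytes after EOI."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG")
    n, pos = len(data), 2
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte, skip one
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: everything after it is the trailer
            return data[pos + 2:]
        if 0xD0 <= marker <= 0xD8 or marker == 0x01:
            pos += 2                            # standalone markers (RSTn, SOI, TEM)
            continue
        seglen = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seglen                       # length field includes itself
        if marker == 0xDA:                      # SOS: scan data runs until a real marker
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")


def scan_image(data: bytes) -> dict:
    """Return a verdict dict: format, trailer length, suspicious flag and reason."""
    if data.startswith(PNG_SIG):
        fmt, trailer = "png", png_trailer(data)
    elif data.startswith(JPEG_SOI):
        fmt, trailer = "jpeg", jpeg_trailer(data)
    else:
        raise ValueError("unsupported image format")
    verdict = {"format": fmt, "trailer_bytes": len(trailer),
               "suspicious": bool(trailer), "reason": "clean"}
    if not trailer:
        return verdict
    text = b"".join(trailer.split())            # drop line breaks common in base64 blobs
    if B64_RE.match(text):
        try:
            decoded = base64.b64decode(text, validate=True)
            verdict["reason"] = "base64 blob after image end (%d decoded bytes)" % len(decoded)
        except binascii.Error:
            verdict["reason"] = "base64-like text after image end"
    else:
        verdict["reason"] = "%d bytes of non-image data after image end" % len(trailer)
    return verdict


# ---- constructed fixtures (not real campaign samples) ----
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return (len(body).to_bytes(4, "big") + ctype + body
            + zlib.crc32(ctype + body).to_bytes(4, "big"))


def make_png_1x1() -> bytes:
    """Constructed 1x1 RGB PNG used as the clean fixture."""
    ihdr = (1).to_bytes(4, "big") + (1).to_bytes(4, "big") + bytes([8, 2, 0, 0, 0])
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")


def make_stego_png() -> bytes:
    """Clean PNG with a constructed base64 'payload' appended after IEND."""
    return make_png_1x1() + b"\n" + base64.b64encode(b"constructed fake payload " * 4)


def make_jpeg_skeleton() -> bytes:
    """Constructed JPEG: APP0, an APP1 whose body contains FF D9 (as an EXIF
    thumbnail would), a minimal SOS with a stuffed FF 00 in the scan, then EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1_body = b"Exif\x00\x00thumb\xff\xd8...\xff\xd9"
    app1 = b"\xff\xe1" + (len(app1_body) + 2).to_bytes(2, "big") + app1_body
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\x78"
    return JPEG_SOI + app0 + app1 + sos + scan + b"\xff\xd9"


if __name__ == "__main__":
    samples = [("clean.png", make_png_1x1()), ("stego.png", make_stego_png()),
               ("clean.jpg", make_jpeg_skeleton()), ("stego.jpg", make_jpeg_skeleton() + b"\x00" * 40)]
    for name, blob in samples:
        print(name, scan_image(blob))
```

In a mail gateway or sandbox pipeline this check is cheap enough to run on every image attachment or downloaded image, and a non-empty trailer on a file served to a script is a strong signal to quarantine the file and look at whatever fetched it.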

Although ANY.RUN offers a tool capable of detecting techniques such as steganography, the best advice is still to prevent attacks of this kind in the first place.

To limit the risk, it is therefore wise to recognise suspicious links and attachments early. Moreover, unlike in the past, avoiding executables is no longer enough: PDFs and, as just illustrated, simple images can also conceal serious threats.
