When you think of malware, your mind might wander to shady websites or suspicious email attachments. But what if I told you that hackers are now embedding their malicious code into seemingly innocent website images? This alarming tactic, often referred to as malware hidden in images, sounds like something out of a spy film, doesn’t it? Yet, according to researchers at HP Wolf Security, this technique is very much real and on the rise.
Let’s unpack what’s happening and how you can stay safe.
How Are Hackers Pulling This Off?
It turns out cybercriminals are hiding malicious code in image files hosted on reputable websites, like archive.org, to deliver malware discreetly. By embedding malicious code within these images, hackers can bypass traditional security systems that usually flag suspicious files. Since these images appear harmless when downloaded, they often slip past web proxies and network security systems undetected.
In recent campaigns highlighted by HP Wolf Security’s latest Threat Insights Report, two types of malware, VIP Keylogger and 0bj3ctivityStealer, have been actively distributed using this method. Interestingly, both campaigns rely on the same malicious code and loader, suggesting that two separate groups may be using a shared malware toolkit. The goal? To compromise as many computers as possible while staying under the radar.
It All Starts With a Simple Email
The attack often begins with a phishing email. Imagine receiving what appears to be a routine invoice or purchase order. Attached to the email is an Excel document, which, unbeknownst to you, exploits a well-known vulnerability in Microsoft’s Equation Editor (CVE-2017-11882). This flaw, though ancient, remains an easy target for hackers who rely on users failing to update their software.
Once the Excel document is opened, it downloads a VBScript file, which in turn fetches the image and extracts the malware hidden inside it. And just like that, the trap is sprung.
Enter Generative AI: A Game-Changer for Cybercriminals
Generative AI (GenAI) tools are proving to be a double-edged sword in the world of cybersecurity. While these tools have plenty of legitimate applications, they’re also lowering the bar for cybercriminals. According to Alex Holland, Principal Threat Researcher at HP Security Lab, phishing kits created with the help of GenAI are making it easier than ever for attackers to craft convincing bait.
Beyond phishing, GenAI is being used to design malicious HTML documents that can launch malware through a method known as HTML smuggling. In one example uncovered by researchers, an XWorm remote access trojan (RAT) campaign utilised this technique to deliver its payload. The loader used in these attacks was evidently AI-generated, complete with line-by-line descriptions of its functionality.
What Does This Mean for You?
The two main malware types involved in these campaigns, VIP Keylogger and 0bj3ctivityStealer, are classified as infostealers. They can record and exfiltrate sensitive data such as passwords, cryptocurrency wallet details, and other private information. For individuals and businesses alike, the potential impact of malware hidden in images is significant.
How Can You Protect Yourself?
While the tactics of cybercriminals are becoming more sophisticated, there are steps you can take to minimise your risk:
- Keep Your Software Updated: Vulnerabilities like CVE-2017-11882 are often exploited because users fail to install updates. Regularly updating your software is one of the simplest ways to stay protected.
- Be Wary of Unexpected Emails: Phishing emails remain one of the most common ways to deliver malware. Always double-check the sender’s details and avoid opening unexpected attachments.
- Use Advanced Security Solutions: Tools like HP Wolf Security can help identify and block threats that might otherwise go unnoticed.
- Educate Yourself and Your Team: Awareness is your first line of defence. By understanding how these attacks work, you’re less likely to fall victim to them.
- Leverage Professional Digital Services: With our digital services, you can rest assured that your website will remain protected and problem-free. Through our comprehensive monthly maintenance plan, we’ll monitor and secure your site against threats like malware hidden in images, ensuring it stays safe and operational. This proactive approach gives you peace of mind and allows you to focus on what matters most.
Final Thoughts
The world of cybersecurity is constantly evolving, and so too are the tactics of cybercriminals. By hiding malware in website images and leveraging Generative AI, hackers are finding ever-more creative ways to exploit vulnerabilities. However, with vigilance, up-to-date security practices, and a healthy dose of scepticism, you can protect yourself and your sensitive information.
Stay safe, and remember: not everything that looks innocent online is as it seems.
For more information, or to learn more about how 1Connect can protect your business, be sure to visit our Digital services page.