Attackers hid malicious code in images they uploaded to archive.org..

Topic

New Reply

https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-january-2025/

In Q3, HP Sure Click caught campaigns spreading VIP Keylogger and 0bj3ctivityStealer malware that relied on the same techniques and loaders to infect PCs. In both campaigns, attackers hid malicious code in images (T1027.009) they uploaded to archive.org, a file hosting website, and used the same .NET loader to install their final payloads.4 By hiding malicous code in images and hosting them on legitimate websites (T1102), the attackers were more likely to bypass network security like web proxies that rely on reputation checks…

4 users thanked author for this post.

SueW, Sky, NaNoNyMouse, Nibbled To Death By Ducks

Reply | Quote

Replies

See:

https://en.wikipedia.org/wiki/Steganography
https://en.wikipedia.org/wiki/Stegomalware
https://en.wikipedia.org/wiki/Steganography#Computer_malware

This is one tough malware vector to detect:

“Stegomalware can be removed from certain files without knowing whether they contain stegomalware or not. This is done through content disarm and reconstruction (CDR) software, and it involves reprocessing the entire file or removing parts from it.[56][57] Actually detecting stegomalware in a file can be difficult and may involve testing the file behaviour in virtual environments or deep learning analysis of the file.”

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

4 users thanked author for this post.

SueW, Sky, NaNoNyMouse, Alex5723

Reply | Quote