Hackers hide malware into website images to go unnoticed
Share:
Multiple groups are using the same infection chain to deliver different infostealers. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Hackers are hiding malware in website images to go unnoticed and compromise as many computers as possible, experts have warned.
![[A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
A new Threat Insights Report from HP Wolf Security, based on data from millions of endpoints, claims there are currently large campaigns active spreading VIP Keylogger and 0bj3ctivityStealer. Since the same techniques and loaders are used in both, the researchers suspect two groups are using the same malware kits to deliver different payloads.
“In both campaigns, attackers hid the same malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload,” the researchers explained. “Such techniques help attackers circumvent detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.”.
The attack starts with a phishing email pretending to be an invoice, or purchase order. The attachment is usually an Excel document designed to exploit CVE-2017-11882, an ancient bug in the Equation Editor, to download a VBScript file. Alex Holland, Principal Threat Researcher in the HP Security Lab, said phishing kits, paired with Generative AI (GenAI) tools, have significantly lowered the barrier to entry, exacerbating the ever-present risk of malware: “This allows groups to concentrate on tricking their targets and picking the best payload for the job – for instance by targeting gamers with malicious cheat repositories.”.
