Image snatching malware poses new security threat
New breed of Trojan sniffs out personal information in pictures, not documents.
Security researchers have identified a new malware strand that steals image files from computers and sends them to a remote server
The program, detected under the name TSPY_PIXSTEAL.A (Pixsteal-A), is a Trojan that opens all .jpg and .jpeg image files, as well as .dmp memory dump files, and delivers copies of the first 20,000 to the FTP server being used by the cyber criminals behind the malware. It is currently only operational on Windows computers, according to Trend Micro's threat response engineer Raymart Paraiso.
"Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high," he said in a blog post.
The collected images could potentially be used for identity theft, blackmail or to tailor future targeted attacks on individuals or corporations, Paraiso added.
Rik Ferguson, director of security research and communications told IT Pro: "[I believe] this is the first malware that has particularly focused on such a limited set of file types. In some of the nation state sponsored attacks, stealing photographs is of interest ... but if we are talking about the commercial, cybercriminal, widespread side of things ... then this does represent a shift."
Ferguson claims it is possible we will see more of this type of malware, but it will depend on how successfully Pixsteal-A can be monetised.
"There was a report recently on BBC Newsbeat that said self-generated intimate photos were being stolen and used on porn sites. So there is one obvious way that this kind of activity could bring an income for criminals, but whether it becomes more widely adopted and more widespread depends on how successful [this one is at generating revenue]," Ferguson concluded.
How to scale your organisation in the cloud
How to overcome common scaling challenges and choose the right scalable cloud serviceDownload now
The people factor: A critical ingredient for intelligent communications
How to improve communication within your businessDownload now
Future of video conferencing
Optimising video conferencing features to achieve business goalsDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now