
New Hacking Campaigns Target Email by Embedding Malware in Images

Ryan Uliss
Contributing Writer

Recent research shows that cybercriminals are once again adapting and refining how they deliver malware and get past security controls. This time, according to a new HP Wolf Security threat report, two ongoing campaigns are distributing VIP Keylogger and 0bj3ctivityStealer, two information-stealing strains spread mainly through phishing email, including to Gmail and Outlook users.

Both strains pose a significant threat to email users and organizations. Rather than attaching the malware directly, attackers hide the malicious code inside image files that look harmless, so scanning that trusts the image format and the file's source finds nothing to block. Phishing emails disguised as routine business communications then trick users into opening the attachment whose loader fetches the image and unpacks the payload.

Attackers are also leveraging trusted platforms such as archive.org, a widely used site for hosting files and preserving digital content, to host the malicious images, trading on its reputation for safety. The combination is effective because it exploits two assumptions at once: that image files are inert, and that reputable platforms serve safe content, so both receive little scrutiny.

Why It Matters: Malware hidden in seemingly harmless image files can harvest sensitive data, leading to financial losses, identity theft, and unauthorized access to critical systems. Because the tooling is readily available, even less-skilled actors can launch damaging attacks, underscoring the need for stronger email filtering, behavioral detection, and user education to counter these threats.

  • Malware Embedded in Images: Campaigns delivering VIP Keylogger and 0bj3ctivityStealer hide malicious code inside image files hosted on legitimate platforms like archive.org. Because web proxies and similar controls often judge a download by the reputation of its source and file type, the images pass through unchallenged. Once the loader extracts and runs the hidden payload, the malware harvests keystrokes, credentials, and clipboard contents.
  • Social Engineering Tactics: Phishing emails posing as invoices and purchase orders carry the first stage, often a Z or GZ archive whose contents are an executable or script that downloads and executes the malware. These lures prey on the trust users place in familiar document formats and routine business correspondence.
  • Role of Generative AI: Evidence from the campaigns suggests generative AI helped produce the malicious HTML smuggling files; detailed code comments and the page design closely matched the output of GenAI tools such as ChatGPT. This points to a growing trend of AI helping attackers automate and diversify their methods.
  • Commodification of Cybercrime: The campaigns show how malware kits and shared attack techniques reduce the expertise attackers need. This democratization of cybercrime lets even novice hackers conduct sophisticated attacks with pre-built tools, increasing the frequency and scale of threats.
  • Detection and Mitigation: To counter these threats, organizations should pair reputable security software that detects malware, phishing links, and unauthorized system changes with behavioral detection that watches what an opened attachment actually does, since file reputation alone is what these campaigns are built to evade. Combining that with strong cyber hygiene practices and user training offers a comprehensive defense against email-borne malware.
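The embedding trick described above, and the kind of check a mail gateway can run against it, as an added example that is not code from the HP Wolf Security report, the article, or the malware itself: a small Python scanner that parses PNG and JPEG structure to find where the picture legitimately ends and reports anything appended after it. It assumes the common append-after-end-marker layout (payload placed after the PNG IEND chunk or JPEG EOI marker, Base64-encoded); the sample images and the payload stand-in are constructed inline so the script runs offline.

```python
"""Flag PNG/JPEG attachments that carry data after the image's end marker.

Added example; not code from the HP Wolf Security report or the article. A simple
way to hide a payload in a picture that still renders is to append it after the
PNG IEND chunk or JPEG EOI marker, where viewers ignore it and a loader can carve
it out. This walks the real image structure to find where the picture ends, then
checks whether the trailer is Base64 that decodes to a Windows PE ("MZ" header).
The sample images and payload below are constructed, not files from the campaign.
"""
import base64
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def png_end(data):
    """Offset just past the IEND chunk, or None if the PNG is malformed/truncated."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4                          # header + data + CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def jpeg_end(data):
    """Offset just past EOI (FF D9). Walks marker segments forward rather than
    searching backwards, so a trailer that contains FF D9 cannot hide itself."""
    if not data.startswith(JPEG_SOI):
        return None
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return None                                # a marker was expected here
        marker = data[pos + 1]
        if marker == 0xFF:                             # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                             # EOI: the picture ends here
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > n:
            return None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                             # SOS: skip entropy-coded data
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                              # next real marker
                pos += 1
    return None


def scan_image(data):
    """Describe what follows the picture. None means 'not a parseable PNG/JPEG':
    route those to another check instead of calling them clean."""
    if data.startswith(PNG_SIG):
        fmt, end = "png", png_end(data)
    elif data.startswith(JPEG_SOI):
        fmt, end = "jpeg", jpeg_end(data)
    else:
        return None
    if end is None:
        return None
    trailer = data[end:]
    report = {"format": fmt, "image_end": end, "trailer_len": len(trailer),
              "base64": False, "decoded_magic": None}
    compact = re.sub(rb"\s+", b"", trailer)            # loaders strip line breaks too
    if len(compact) >= 32 and B64_RE.match(compact):
        try:
            decoded = base64.b64decode(compact, validate=True)
        except ValueError:                             # binascii.Error subclasses it
            return report
        report["base64"], report["decoded_magic"] = True, decoded[:2]
    return report


def verdict(data):
    """Collapse a scan into one label a mail gateway or EDR rule can act on."""
    r = scan_image(data)
    if r is None:
        return "unparseable"
    if r["trailer_len"] == 0:
        return "clean"
    if r["decoded_magic"] == b"MZ":
        return "embedded-pe"
    return "base64-trailer" if r["base64"] else "trailing-data"


# Constructed samples (not real campaign files): a 1x1 PNG, a skeletal JPEG with
# APP0 + SOS + a stuffed FF 00 in the scan data, and a Base64 stand-in for a PE.
def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00")) + _chunk(b"IEND", b""))
SAMPLE_JPEG = (JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\xff\x00\x56\x78" + b"\xff\xd9")
EMBEDDED = base64.b64encode(b"MZ" + b"\x90" * 62)
```

A "clean" verdict is not proof of safety: a payload can also sit inside valid chunks (PNG tEXt/zTXt, JPEG APP segments) or in the pixel data itself, and the image is only fetched after a user runs the loader from the archive attachment, so this check belongs alongside attachment sandboxing and behavioral detection rather than in place of them.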

Go Deeper:
  • Critical Hidden Email Danger Confirmed For Gmail And Outlook Users – Forbes
  • Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer – The Hacker News
  • Hackers Use Image-Based Malware and GenAI to Evade Email Security – Infosecurity Magazine
