Recent research has revealed that cybercriminals are once again adapting and refining their methods to deliver malware and compromise security systems. This time, according to a new report from HP Wolf, two ongoing campaigns have been identified that deploy VIP Keylogger and 0bj3ctivityStealer, two ferocious strains of malware primarily spread through email on Gmail and Outlook.
Both strains pose significant threats to email users and organizations. Attackers embed malicious code within seemingly harmless image files, bypassing traditional file scanning systems. Phishing emails disguised as routine business communications further trick users into opening these files.
Attackers are also leveraging trusted platforms like archive.org, a widely used site for hosting files and preserving digital content, to host these malicious payloads, taking advantage of its reputation for safety. This combination of methods makes these campaigns particularly effective, as they exploit assumptions of trust and the low scrutiny typically given to image files and reputable platforms.
Why It Matters: Malware embedded in seemingly harmless image files can harvest sensitive data, leading to financial losses, identity theft, and unauthorized access to critical systems. The accessibility of these tools allows even less-skilled actors to launch damaging attacks, underscoring the need for stronger email filtering, behavioral detection, and user education to counter these latest threats.
- Malware Embedded in Images: Hacker campaigns delivering VIP Keylogger and 0bj3ctivityStealer are embedding malicious code in image files hosted on legitimate platforms like archive.org. These images bypass traditional security measures such as web proxies, which rely on file reputation for detection. Upon execution, the malware harvests sensitive data like keystrokes, credentials, and clipboard information.
- Tactics of Social Engineering: Attackers use phishing emails posing as invoices and purchase orders to distribute malware-laden files. The payloads, often compressed in formats like Z and GZ, contain executables or scripts that download and execute the malware. These emails prey on the trust users place in familiar document formats and routine business communications.
- Role of Generative AI: Evidence from the campaigns suggests that generative AI was used to assist in creating malicious HTML smuggling files. Features like detailed code comments and the page design aligned closely with outputs from GenAI tools like ChatGPT. This points to a growing trend of AI aiding attackers in automating and diversifying their methods.
- Commodification of Cybercrime: The campaigns highlight how malware kits and shared attack techniques are reducing the need for advanced expertise among attackers. This democratization of cybercrime allows even novice hackers to conduct sophisticated attacks with pre-built tools, increasing the frequency and scale of threats.
- Detection and Mitigation: To counter these threats, users should deploy reputable security apps that detect malware, phishing links, and unauthorized system modifications. Combining this with strong cyber hygiene practices offers a comprehensive defense against email-borne malware.
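As an added defender-side example (not code from the HP Wolf report or the articles linked below), the Python script below walks a PNG's chunk list and flags any bytes appended after the IEND chunk, one of the simplest ways a payload can ride inside an image that still opens normally. The sample PNG is constructed in the script; campaigns may embed payloads in other ways, so treat a hit as one triage signal for an attachment or downloaded image, not a verdict.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte length, 4-byte type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png_1x1() -> bytes:
    """Constructed 1x1 RGB PNG used as the clean sample (not a real-world file)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, depth, colour type, ...
    raw = b"\x00" + b"\x00\x00\x00"                      # filter byte + one black RGB pixel
    return (PNG_SIG + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", zlib.compress(raw))
            + _png_chunk(b"IEND", b""))


def png_trailing_bytes(data: bytes) -> int:
    """Return the number of bytes after the IEND chunk, or -1 if not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):                 # smallest chunk (IEND) is 12 bytes
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 12 + length             # length + type + payload + CRC
        if chunk_end > len(data):
            return -1                             # truncated chunk
        if ctype == b"IEND":
            return len(data) - chunk_end          # anything past IEND is not part of the image
        pos = chunk_end
    return -1                                     # no IEND found


def triage_png(data: bytes) -> dict:
    """Summarise one image for a triage pipeline; 'suspicious' means data follows IEND."""
    trailing = png_trailing_bytes(data)
    return {"valid_png": trailing >= 0, "trailing_bytes": max(trailing, 0), "suspicious": trailing > 0}


# Constructed samples: a clean image and the same image with an arbitrary blob appended.
SAMPLE_CLEAN = make_png_1x1()
SAMPLE_STUFFED = SAMPLE_CLEAN + b"CONSTRUCTED-APPENDED-BLOB" * 4

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("stuffed", SAMPLE_STUFFED)):
        print(name, triage_png(blob))
```

A viewer renders both samples identically, which is exactly why file-reputation and extension-based filtering miss this; a mail gateway or EDR can run the same structural check on image attachments and downloads.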
Go Deeper -> Critical Hidden Email Danger Confirmed For Gmail And Outlook Users – Forbes
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer – The Hacker News
Hackers Use Image-Based Malware and GenAI to Evade Email Security – Infosecurity Magazine