
Hackers hide malware in website images


Cybersecurity researchers have warned that malware hidden in images targets Gmail and Outlook users. The VIP Keylogger and 0bj3ctivityStealer malware campaigns conceal malicious code within seemingly benign images in email messages. VIP Keylogger can record keystrokes and steal credentials from various sources, including apps and clipboard data.

0bj3ctivityStealer specifically targets account credentials and credit card information. The researchers explained that by hiding malicious code in images hosted on legitimate websites, the attackers were more likely to bypass network security measures like web proxies that rely on reputation checks. Emails containing these threats often pose as invoices and purchase orders.

Investigations found multiple malicious images, with one being accessed 29,000 times. 0bj3ctivityStealer was spread through archive files disguised as requests for quotations, which download an image containing the malicious code when opened. Google has built new protections for Gmail users.

In 2024, Andy Wen, senior director of product management for Gmail, noted that they developed several AI models that significantly strengthened Gmail’s cyber defenses, including a new large language model (LLM) cyber defense. These models are based on phishing, malware, and spam. They have helped block 20% more spam. Microsoft has also ensured that all Outlook.com users benefit from spam and malware filtering.

Microsoft 365 Family and Personal subscribers get additional premium security features, including extra screening of attachments and links. Users must remain vigilant and take advantage of the security features offered by their email providers to safeguard their information in light of these ongoing threats. Threat actors use malware kits and generative AI (GenAI) to enhance their attacks, according to HP Wolf Security’s latest Threat Insights Report.


Malware embedded in email images

These tools allow attackers to test sophisticated methods like embedding malicious code in website images. The report highlights the use of malware-by-numbers kits in campaigns like VIP Keylogger and 0bj3ctivityStealer, which use similar techniques and loaders, suggesting the kits are shared across groups.

The malicious code is hidden in images on archive.org to avoid detection. An XWorm remote access trojan campaign using HTML smuggling was also identified. It uses malicious scripts likely created with GenAI to download additional harmful content.

The detailed loader description indicates it may have been made using GenAI. Attackers compromise video game cheat tool repositories on GitHub with Lumma Stealer malware. This info stealer collects sensitive data from users, who often disable security protections in order to use cheat tools.

Alex Holland from HP Security Lab noted that the increasing availability of malware kits and GenAI lowers the barriers to entry for cybercriminals, allowing them to focus on tricking targets and picking effective payloads. HP Wolf Security has insight into these techniques through its ability to isolate threats on PCs. Despite over 65 billion interactions with potentially risky content, no breaches have been reported among their customers.

The report data from Q3 2024 shows cybercriminals diversifying attack methods to evade detection. There was a rise in .lzh files targeting Japanese-speaking users.

Dr. Ian Pratt from HP suggests organizations should focus on reducing their attack surface by isolating risky activities rather than trying to detect rapidly shifting infection methods. HP Wolf Security uses hardware-enforced virtual machines to run potentially risky tasks in isolation.


Cameron is a highly regarded contributor in the rapidly evolving fields of artificial intelligence (AI) and machine learning. His articles delve into the theoretical underpinnings of AI, the practical applications of machine learning across industries, ethical considerations of autonomous systems, and the societal impacts of these disruptive technologies.
