Think Information. Think Security.
You know that hackers will find any way possible to get your company’s financial records, intellectual property or sensitive data about your employees or your customers. Now hackers are targeting the photos you have stored on your computers and smartphones. Trend Micro reported new malware that steals image files from your computer’s drives and then sends them to a remote FTP server.

According to the Trend Micro blog: Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly. 

Once done, it connects to an FTP server where it sends the first 20,000 files to the server. Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Information theft routines have been mostly limited to information that is in text form, thus this malware poses a whole new different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks.

Blackmail has been the concern mentioned most often since the emergence of this new malware. On the ESET Threat Blog, Stephen Cobb mentions the rise of sexting among young people and the number of sexually explicit photos taken with digital cameras. But young people aren’t the only ones participating in this activity. It would be good for everyone to take a moment to consider what images are on your computer and/or phone and ask if it is something you would want someone else to see. Could it put your job or other relationships in jeopardy?

Securing data — including files such as images — is every user’s responsibility. Part of that responsibility, of course, is to prevent being infected by malware.
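
On the detection side, the behavior Trend Micro describes (bulk copying of .JPG, .JPEG and .DMP files followed by an FTP upload) can be flagged by correlating file and network telemetry. The sketch below is an added example, not code from Trend Micro or the original post; the event schema, thresholds and host names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

TARGET_EXTS = (".jpg", ".jpeg", ".dmp")  # extensions named in the Trend Micro write-up
FTP_PORT = 21
COPY_THRESHOLD = 50    # assumed: matching copies that count as bulk collection
WINDOW_SECONDS = 600   # assumed: FTP must follow the copying within this window


def find_bulk_copy_then_ftp(events, threshold=COPY_THRESHOLD, window=WINDOW_SECONDS):
    """Flag hosts where bulk image/dump copying is followed by outbound FTP.
    Events use a hypothetical schema: ts, host, proc, type ("file_copy" with
    path, or "net_connect" with dst and port). Correlation is per host (an
    assumption), since the copying and the upload may be separate processes.
    """
    copies = defaultdict(list)  # host -> timestamps of matching file copies
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "file_copy" and ev["path"].lower().endswith(TARGET_EXTS):
            copies[host].append(ev["ts"])
        elif ev["type"] == "net_connect" and ev["port"] == FTP_PORT:
            recent = [t for t in copies[host] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"host": host, "proc": ev["proc"],
                               "dst": ev["dst"], "files_copied": len(recent)})
                copies[host].clear()  # one alert per burst
    return alerts


def make_event(ts, host, proc, kind, **fields):
    return {"ts": ts, "host": host, "proc": proc, "type": kind, **fields}


def sample_events():
    """Constructed telemetry for three hosts; only PC-01 matches the pattern."""
    exts = (".JPG", ".jpeg", ".DMP")
    # PC-01: 120 copies from a command line, then an FTP connection
    evs = [make_event(1000 + i, "PC-01", "cmd.exe", "file_copy",
                      path=f"C:\\Pictures\\f{i}{exts[i % 3]}") for i in range(120)]
    evs.append(make_event(1200, "PC-01", "unknown.exe", "net_connect", dst="203.0.113.10", port=21))
    # PC-02: five photos copied, then FTP (below the threshold)
    evs += [make_event(2000 + i, "PC-02", "explorer.exe", "file_copy",
                       path=f"D:\\holiday{i}.jpg") for i in range(5)]
    evs.append(make_event(2100, "PC-02", "ftp.exe", "net_connect", dst="198.51.100.7", port=21))
    # PC-03: bulk copy, but the FTP connection comes two hours later
    evs += [make_event(3000 + i, "PC-03", "backup.exe", "file_copy",
                       path=f"E:\\p{i}.jpeg") for i in range(200)]
    evs.append(make_event(10400, "PC-03", "ftp.exe", "net_connect", dst="198.51.100.7", port=21))
    return evs
```

Run against the constructed events, only PC-01 is flagged; the threshold and window need tuning against legitimate backup and photo-sync activity before use on real telemetry.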

Cross-posted from: IT Business Edge
