How Hackers Are Using Photos of Cats and Sunsets to Help Access Your Personal Data

If you already have malware, these photos could be used to get malicious code onto your system

malware sunset

malware sunset

Security group Trend Micro has spotted a rather worrying form of malware, one that uses seemingly innocuous images of a cat or a sunset to directly target and hack certain bank accounts.

The malware is called TSPY_ZBOT.TFZAH, and doesn't itself come through the images, but rather, once it's already in place it uses the photos as a way of masking code that might otherwise be easier to spot. The malware itself arrives via the usual channels, through other malware or through visiting an infected site.

Once it's in place, it will download the image without your knowledge. As Trend Micro explains:

The user does not even see this particular image, but if someone did happen to see it it would look like an ordinary photo. We encountered an image of a sunset, but other security researchers reported encountering a cat image. (This particular photo appears to have been lifted from popular photo-sharing sites, as it appears in these sites if you search for sunset.)

Using steganography, the image contains concealed information for the malware, specifically of various banks to target. If the user then visits one of those bank websites, it intercepts login information, gaining them access to your bank account.

As for the images themselves, they're popular and widespread photos of indeterminate origin, which further makes it easier to seem like something you might have once downloaded legitimately.

[via BoingBoing]