malware sunset

Security group Trend Micro has spotted a rather worrying form of malware, one that uses seemingly innocuous images of a cat or a sunset to directly target and hack certain bank accounts.

The malware is called TSPY_ZBOT.TFZAH, and doesn’t itself come through the images, but rather, once it’s already in place it uses the photos as a way of masking code that might otherwise be easier to spot. The malware itself arrives via the usual channels, through other malware or through visiting an infected site.

Once it’s in place, it will download the image without your knowledge. As Trend Micro explains:

Using steganography, the image contains concealed information for the malware, specifically of various banks to target. If the user then visits one of those bank websites, it intercepts login information, gaining them access to your bank account.

As for the images themselves, they’re popular and widespread photos of indeterminate origin, which further makes it easier to seem like something you might have once downloaded legitimately.

[via BoingBoing]