Perilous as a picture -- attackers sneak malware into website images

A new report from HP Wolf Security reveals that attackers are hiding malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload.

These techniques help attackers avoid detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.
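A byte-level check a defender can run on downloaded images, added here as an example; it is not code from the HP report or this article. The article does not state how the code is embedded, so this assumes the case of data appended after the image's structural end (the PNG IEND chunk), which a reputation-based proxy would pass unexamined; the sample PNGs are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


# Constructed samples (no real malware): a minimal valid 1x1 greyscale PNG,
# and the same PNG with arbitrary bytes appended after its IEND chunk.
CLEAN_PNG = (
    PNG_SIG
    + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    + _png_chunk(b"IEND", b"")
)
PADDED_PNG = CLEAN_PNG + b"CONSTRUCTED-TRAILING-DATA"


def png_trailing_bytes(data: bytes) -> int:
    """Walk the chunk list and return the number of bytes after IEND.

    0 means the file ends exactly where the PNG structure ends; a positive
    value is data an image viewer never reads and is worth inspecting.
    -1 means the input is not a parseable PNG (bad signature, truncated,
    or a chunk length that runs past the end of the data)."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if pos > len(data):
            return -1  # declared chunk length overruns the file
        if ctype == b"IEND":
            return len(data) - pos
    return -1  # no IEND chunk seen: truncated or malformed


def verdict(data: bytes) -> str:
    """Triage label for a downloaded PNG based on trailing-data size."""
    extra = png_trailing_bytes(data)
    if extra < 0:
        return "malformed"
    return "clean" if extra == 0 else f"suspicious:{extra}-trailing-bytes"
```

The same idea applies to other formats (JPEG ends at its EOI marker), but embedded thumbnails make a naive marker search unreliable there, so parse the segment structure rather than searching for the marker bytes.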

The report also highlights how threat actors are using malware kits and GenAI to improve the efficiency of their attacks. Such tools are reducing the time and skill needed to create attack components, enabling attackers to focus on experimenting with techniques to bypass detection and trick victims into infecting their endpoints, such as embedding malicious code inside images.

Attackers are compromising video game cheat tools and modification repositories hosted on GitHub too, adding executable files containing Lumma Stealer malware. This infostealer scrapes victims' passwords, crypto wallets, and browser information. Users frequently deactivate security tools to download and use cheats, putting them at greater risk of infection without isolation technology in place.

Alex Holland, principal threat researcher in the HP Security Lab, says, "The campaigns analyzed provide further evidence of the commodification of cybercrime. As malware-by-numbers kits are more freely available, affordable, and easy to use, even novices with limited skills and knowledge can put together an effective infection chain. Throw GenAI into the mix to write the scripts, and the barriers to entry get even lower. This allows groups to concentrate on tricking their targets and picking the best payload for the job -- for instance by targeting gamers with malicious cheat repositories."

Among other findings, executables remain the most popular malware delivery type (40 percent), followed by archive files (34 percent). There has been a notable rise in .lzh files, which made up 11 percent of archive files analyzed -- with most malicious .lzh archive files targeting Japanese-speaking users.

The full Threat Insights Report can be downloaded from the HP site.
