Beware of memes, the satirical and entertaining images that circulate on the web, and especially of those on social media. Trend Micro has discovered that cybercriminals are using them to spread malware through steganography.
Watch out for memes, especially on social media: besides laughs they can bring pain, because cybercriminals have armed them with malware. Trend Micro security researchers have discovered that some attackers have started using steganography to embed malicious instructions in satirical and entertaining images. The aim is twofold: hiding the instructions inside the picture lets them slip past the security tools of potential victims, while the picture itself entices the victim to open it and so activate the payload. At the end of October the company's experts found two memes on Twitter with hidden content embedded in them, linked to malware dubbed TROJAN.MSIL.BERBOMTHUM.AA. Hidden inside is the command "/print", which instructs the malicious code to take screenshots of the infected system and send them to its command and control (C2) servers. The malware is also able to download further "black" memes carrying different commands.
The commands cybercriminals hide in memes can perform various operations, from gathering information about the infected machine to capturing content and sending it to the command and control (C2) servers.
The commands hidden inside the infected memes, the Trend Micro researchers explain, can perform various operations, including collecting information about the victim's machine, capturing the contents of the clipboard and retrieving the list of running processes. The use of steganography in memes is a novelty for cybercrime. Steganography was originally conceived to conceal the very existence of a communication between two parties. In IT security it is applied, among other things, to hide messages in the least significant bits of image or audio data, or to hide information inside encrypted or random-looking data. It has long been used to carry malicious code inside images, usually sent by e-mail in malspam campaigns, but until now it had never been tied to satirical content and spread on a large scale through social media.
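The least-significant-bit technique mentioned above, shown as an added illustration (this is not Trend Micro's code and not the malware's own format): a short command string is written one bit at a time into the lowest bit of each byte of an RGB pixel buffer, which changes every touched sample by at most one and so leaves the picture visually unchanged, and the receiving side reads the bits back and matches the string against a command table. Only "/print" comes from the report; the "/clip" and "/proc" names, the pixel buffer and the dispatch table are constructed assumptions. The `hidden_command_candidate` check is the kind of cheap triage an analyst might run over an image's LSB plane.

```python
from typing import Dict, Optional

# Command table. "/print" (take a screenshot) is the only command the article
# names; "/clip" and "/proc" are hypothetical names standing in for the
# clipboard-capture and process-listing operations it describes.
COMMAND_TABLE: Dict[str, str] = {
    "/print": "take screenshot and send to C2",
    "/clip": "capture clipboard contents",
    "/proc": "list running processes",
}

# Constructed cover "image": 256 RGB pixels as a flat byte string (768 bytes).
# A real implementation would take the pixel data from a decoded JPEG/PNG.
COVER: bytes = bytes(range(256)) * 3


def embed_lsb(pixels: bytes, message: str) -> bytes:
    """Hide an ASCII message (NUL-terminated) in the LSB of each byte of pixels.

    Bits are written most-significant first, one per byte, so a 7-byte
    payload occupies the first 56 bytes of the buffer.
    """
    payload = message.encode("ascii") + b"\x00"
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small: %d bits needed, %d available"
                         % (len(bits), len(pixels)))
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the LSB, then set it
    return bytes(out)


def extract_lsb(pixels: bytes, max_len: int = 64) -> str:
    """Reassemble bytes from the LSB plane until a NUL byte or max_len bytes."""
    chars = bytearray()
    for start in range(0, len(pixels) - 7, 8):
        byte = 0
        for offset in range(8):
            byte = (byte << 1) | (pixels[start + offset] & 1)
        if byte == 0:
            break
        chars.append(byte)
        if len(chars) >= max_len:
            break
    return chars.decode("ascii", errors="replace")


def dispatch(pixels: bytes) -> Optional[str]:
    """What the receiving side does: recover the hidden string and look it up."""
    return COMMAND_TABLE.get(extract_lsb(pixels))


def hidden_command_candidate(pixels: bytes) -> bool:
    """Triage heuristic for analysts: does the LSB plane begin with a
    printable ASCII string that starts with '/'? A signal, not proof."""
    text = extract_lsb(pixels)
    return text.startswith("/") and all(32 <= ord(c) < 127 for c in text)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego; LSB writes give 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed_lsb(COVER, "/print")
    print("recovered:", extract_lsb(stego))
    print("action:", dispatch(stego))
    print("max change per sample:", max_sample_change(COVER, stego))
    print("cover flagged:", hidden_command_candidate(COVER))
    print("stego flagged:", hidden_command_candidate(stego))
```

The heuristic only catches this naive layout (plain ASCII, MSB-first, from the first byte); an attacker can scatter bits, start at an offset or encrypt the payload, which is why the stego image itself looks harmless and why analysts usually work from the malware's extraction routine rather than from the picture.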