Update, Jan. 19, 2025: This story, originally published Jan. 18, now includes mitigation advice to help protect against the hidden email hacking tactic used by the VIP Keylogger and 0bj3ctivityStealer threat campaigns.
That hackers want your account credentials is no secret, be that from high-speed attacks against Microsoft accounts or two-factor authentication bypass attacks against Google users. The primary initial attack methodology revolves around your email, whether through "do not click" attacks or phish-free threats. Now, security researchers have issued a warning about VIP Keylogger and 0bj3ctivityStealer malware, which are not easy to spot because they are ingeniously hidden within your email messages. With Gmail and Outlook being the biggest email platforms, users are warned that they should stay particularly alert for these attacks. Here’s what you need to know.
How Hacking Threats Hide In Your Email
Although phishing threats are nothing new, and although they are constantly evolving, most still rely on the same old techniques of getting victims to click on links and execute attached files. However, the latest HP Wolf Security Threat Insights Report has issued a warning regarding a critical malware threat being delivered by email while remaining hidden inside images. Not just the one malware threat, in fact, but two.
Security researchers have reported how they caught malware campaigns spreading the VIP Keylogger and 0bj3ctivityStealer hacking threats, both using the same initial exploit technique: hiding malicious code in images. VIP Keylogger can record keystrokes and exfiltrate credentials from a number of sources, including apps and clipboard data. 0bj3ctivityStealer is also, as the name suggests, an information stealer and targets both account credentials and credit card data.
“By hiding malicious code in images and hosting them on legitimate websites,” the researchers said, “the attackers were more likely to bypass network security like web proxies that rely on reputation checks.”
“The tactics observed in the report demonstrate that threat actors are repurposing and stitching together attack components to improve the efficiency of their campaigns,” James Coker, writing at Infosecurity Magazine, said.
In what the HP Wolf researchers called “large malware campaigns” spreading the VIP Keylogger threat, emails were sent that posed as invoices and purchase orders to victims, and the investigation uncovered “multiple malicious images” with the most accessed one having been viewed 29,000 times. 0bj3ctivityStealer, meanwhile, was sent using archive files purporting to be requests for quotations. These would, if activated, download an image containing the malicious code itself from a remote server.
Mitigating The Dangers Hiding In Your Email
Google has been building new protections to defend billions of Gmail users against all kinds of cyberattack, including the type of phishing and malware threats exemplified by the HP Wolf researchers' findings. In 2024, Gmail’s senior director of product management, Andy Wen, said, “we developed several ground-breaking AI models that significantly strengthened Gmail cyber-defenses, including a new large language model that we trained on phishing, malware and spam.” This helped to block 20% more spam than previous protections by identifying malicious patterns more accurately. Another AI model, Wen said, “acts like a supervisor for our existing AI defenses by instantly evaluating hundreds of threat signals when a risky message is flagged and deploying the appropriate protection.”
Microsoft, meanwhile, said that “all Outlook.com users benefit from spam and malware filtering. For Microsoft 365 Family and Microsoft 365 Personal subscribers, Outlook.com performs extra screening of the attachments and links in messages you receive.” These premium security features are automatically activated for all Microsoft 365 Family and Microsoft 365 Personal subscribers who have email accounts ending in @outlook.com, @hotmail.com, @live.com, and @msn.com.