See that image of the sunset? It’s pretty, right? How could something so ordinary be a threat? But before you start emailing it to everyone in your contacts list, you might want to take notice of a malware that could be hiding within photos of sunsets, cats, and anything seemingly innocent, which could hack into your bank account. That’s according to research revealed by security software company Trend Micro, which encountered a malware called TSPY_ZBOT.TFZAH that uses steganography to conceal “configuration files.”
Trend Micro says this technique isn’t new, but it’s a concern nonetheless. Here’s how Trend Micro describes it:
“The ZBOT malware, detected as TSPY_ZBOT.TFZAH, downloads a JPEG file into the affected system without the user’s knowledge. The user does not even see this particular image, but if someone did happen to see it it would look like an ordinary photo. We encountered an image of a sunset, but other security researchers reported encountering a cat image. (This particular photo appears to have been lifted from popular photo-sharing sites, as it appears in these sites if you search for sunset.)
“Using steganography, a list of banks and financial institutions that will be monitored is hidden inside the image. The list includes institutions from across the globe, particularly in Europe and the Middle East. Once the user visits any of the listed sites, the malware will proceed to steal information such as user credentials.”
In other words, the malware may or may not affect you. It’s classified as “low risk” and seems to infect only Windows (up to Windows 7), but if you happen to view one of these photos, and you happen to be a customer of one of the targeted banking institutions, you could be at risk of having your credentials stolen (e.g. usernames, passwords, etc.). Of course, being that this information is from Trend Micro, you should run some type of security software to check for malware.