A newly reported cyber threat hides malware inside JPEG images to steal credentials. Users download seemingly harmless images; the malware concealed in them extracts sensitive data from browsers, email clients, and FTP applications. It then downloads additional infostealers such as Vidar, Raccoon, and Redline.
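As an added illustration, not code from the original page and not Symantec's or any vendor's detection logic, the Python script below shows one generic defensive check that applies to images carrying appended payloads: it walks the JPEG segment chain to the End-Of-Image marker, reports any bytes that follow it, and inspects that trailer for script-like content (PowerShell or Windows Script Host invocations, URLs, and long Base64 runs, which it decodes and re-scans). The minimal JPEG, its appended trailer, the pattern list, the helper names, and the `example.invalid` URL are all constructed for the demonstration and are assumptions, not artifacts of the campaign described.

```python
"""Flag data appended after a JPEG's End-Of-Image marker (added example).

Not Symantec's detection logic: a generic structural check a defender can run
over downloaded images. All sample inputs below are constructed inline.
"""
import base64
import re

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
# Markers that carry no length field: TEM, SOI, EOI and RST0..RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))


def find_eoi_offset(data: bytes) -> int:
    """Walk the segment chain and return the offset just past the EOI marker.

    Raises ValueError for non-JPEG or truncated input.
    """
    if not data.startswith(SOI):
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:              # EOI: the image proper ends here
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # length includes itself
        pos += 2 + length
        if marker == 0xDA:              # SOS: skip entropy-coded data to the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break               # 0xFF00 is byte stuffing, RSTn are restart markers
                pos += 1
    raise ValueError("no EOI marker found")


# Assumed indicator list for the demo; a real ruleset would be far richer.
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
SUSPICIOUS = [
    (re.compile(rb"powershell", re.I), "PowerShell invocation"),
    (re.compile(rb"wscript|cscript", re.I), "Windows Script Host invocation"),
    (re.compile(rb"https?://", re.I), "embedded URL"),
    (BASE64_RUN, "long Base64-looking run"),
]


def scan_jpeg(data: bytes) -> dict:
    """Report how many bytes follow EOI and which indicators they match."""
    end = find_eoi_offset(data)
    trailer = data[end:]
    findings = [label for pat, label in SUSPICIOUS if pat.search(trailer)]
    # Decode the first long Base64 run and re-scan it, since stages are often encoded.
    m = BASE64_RUN.search(trailer)
    if m:
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except ValueError:              # binascii.Error is a ValueError subclass
            decoded = b""
        findings += ["decoded Base64 contains " + label
                     for pat, label in SUSPICIOUS
                     if pat is not BASE64_RUN and pat.search(decoded)]
    return {"image_bytes": end, "trailing_bytes": len(trailer), "findings": findings}


def build_sample_jpeg(trailer: bytes = b"") -> bytes:
    """Constructed minimal JPEG skeleton (APP0 + SOS + EOI), not a viewable image."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    entropy = b"\x12\x34\xff\x00\x56"  # includes one stuffed 0xFF00 pair
    return SOI + app0 + sos + entropy + EOI + trailer


# Constructed trailer imitating a script stub appended after EOI; the URL is a placeholder.
SAMPLE_TRAILER = (b"\r\npowershell -enc "
                  + base64.b64encode(b"wscript.exe //nologo http://example.invalid/stage2"))

if __name__ == "__main__":
    for name, blob in (("clean", build_sample_jpeg()),
                       ("tainted", build_sample_jpeg(SAMPLE_TRAILER))):
        print(name, scan_jpeg(blob))
```

The check is deliberately structural rather than signature-based: a legitimate JPEG ends at EOI, so any trailing bytes are worth a second look regardless of what they contain, and the indicator list only prioritises which trailers an analyst opens first. Parsing to EOI instead of searching for the last `FFD9` matters because appended script or binary data can itself contain that byte pair.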
Symantec has detected this threat and provides protection through multiple security measures. The malware is identified using adaptive detection indicators such as ACM.Ps-Base64!g1, ACM.Ps-Http!g2, ACM.Ps-Wscr!g1, and ACM.Wscr-Ps!g1.
VMware Carbon Black blocks related threats, enforces policies that prevent suspicious programs from running, and uses cloud scanning for added coverage.
Symantec’s email security products and Email Threat Isolation (ETI) technology offer an extra layer of protection against email-based attacks.
File-based detection signatures, including CL.Downloader!aat171 and ISB.Downloader!gen80, help identify and stop the malware. Machine learning models such as Heur.AdvML.B further enhance detection by identifying advanced threats.
Web-based protection is also in place, with WebPulse-enabled products blocking access to malicious domains and IPs.
Recommendations
- Avoid downloading images or files from untrusted sources.
- Endpoint security tools, such as those from Symantec and VMware Carbon Black, can help prevent infections.
- Regularly update systems with the latest security patches.
- Use advanced threat detection tools to identify hidden malware.
- Understanding these tactics can help protect sensitive information.