Photos of colorful sunsets and cute kitties will drain your bank account

Image appended with the list of targeted institutions

Trend Micro’s security analysts have recently discovered that images of sunsets (and some cats) being shared on the Internet are carrying malware that can hack into bank accounts and begin drawing funds.

The ZBOT malware, detected as TSPY_ZBOT.TFZAH, downloads a JPEG file into the affected system without the user’s knowledge. The user does not even see this particular image, but if someone did happen to see it, it would look like an ordinary photo. We encountered an image of a sunset, but other security researchers reported encountering a cat image. (This particular photo appears to have been lifted from popular photo-sharing sites, as it appears in these sites if you search for sunset.)

Using steganography, a list of banks and financial institutions that will be monitored is hidden inside the image. The list includes institutions from across the globe, particularly in Europe and the Middle East. Once the user visits any of the listed sites, the malware will proceed to steal information such as user credentials.

Christopher Budd, Trend Micro’s Global Threat Communications Manager, says, "If you receive an email with a colorful rainbow or cute kitty, don’t open it unless it is from a known party."

Sunsets and Cats Can Be Hazardous to Your Online Bank Account
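A defender's check for the hidden list described above, as an added example that is not code from Trend Micro or from this post. It assumes the data is simply appended after the JPEG end-of-image marker, which the page does not confirm; the function names and sample bytes are constructed for illustration.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def _skip_scan(data, pos):
    """Skip entropy-coded data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("truncated JPEG: scan data never ends")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2  # stuffed zero byte or restart marker
        elif nxt == 0xFF:
            pos += 1  # fill byte
        else:
            return pos

def jpeg_trailing_bytes(data):
    """Return whatever follows the real EOI marker (b"" for a clean file).
    Walks segments, so an EOI inside an EXIF thumbnail is not mistaken for it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1  # step past 0xFF (and any fill bytes) to the marker code
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:
            return data[pos:]  # anything here is not image data
        if marker in STANDALONE:
            continue
        (length,) = struct.unpack(">H", data[pos:pos + 2].ljust(2, b"\0"))
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length
        if marker == 0xDA:  # start of scan: compressed data follows
            pos = _skip_scan(data, pos)
    raise ValueError("truncated JPEG: no EOI marker")

# Constructed sample (structure only, not a viewable image): APP1 holding a
# fake thumbnail with its own EOI, one scan, the real EOI, then appended text.
PAYLOAD = b"bank-a.example\nbank-b.example\n"
CLEAN = (b"\xff\xd8" + b"\xff\xe1\x00\x0cExif\x00\x00\xff\xd8\xff\xd9"
         + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
SAMPLE = CLEAN + PAYLOAD
```

A non-empty result is only a triage signal: some legitimate tools also append data after the end-of-image marker, and a list embedded in the pixel data itself would not be caught by this check.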

Notable Replies

  1. Trend Micro’s security analysts have recently discovered that images of sunsets (and some cats) being shared on the Internet are carrying malware that can hack into bank accounts and begin drawing funds

    Wrong wrong WRONG. The malware isn't carried by the image, instead when a computer is infected it downloads configuration files that are hidden within image data, presumably to avoid virus checkers recognising the configuration files and alerting the user.

    The images themselves can't infect someone, the malware must install itself through other means (Flash/Java exploits etc.)

  2. Old says:

    Oh, sure, blame the dinosaurs.

  3. Old says:

    You can't fool me.

  4. petzl says:

    These are the JPGs to be frightened of: JPGs which appear as such in the desktop icon, but are really EXEs that exploit a graphics feature.

  5. Oh my God! A headline on Boing Boing that's totally misleading clickbait? How can this be?
