Image appended with the list of targeted institutions
Trend Micro’s security analysts have recently discovered that images of sunsets (and some cats) being shared on the Internet are carrying malware that can hack into bank accounts and begin drawing funds.
The ZBOT malware, detected as TSPY_ZBOT.TFZAH, downloads a JPEG file into the affected system without the user’s knowledge. The user does not even see this particular image, but if someone did happen to see it it would look like an ordinary photo. We encountered an image of a sunset, but other security researchers reported encountering a cat image. (This particular photo appears to have been lifted from popular photo-sharing sites, as it appears in these sites if you search for sunset.)
Using steganography, a list of banks and financial institutions that will be monitored is hidden inside the image. The list includes institutions from across the globe, particularly in Europe and the Middle East. Once the user visits any of the listed sites, the malware will proceed to steal information such as user credentials.
Christopher Budd, Trend Micro’s Global Threat Communications Manager, says, "If you receive an email with a colorful rainbow or cute kitty, don’t open it unless it is from a known party."
Sunsets and Cats Can Be Hazardous to Your Online Bank Account
If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it’s not in use.
Google is pointing a finger at its own website, declaring it “partially unsafe” for web visitors. It’s not clear if the report is one part of the sprawling company telling the truth about another part, a mistake, or a clever “googlebomb” of inbound links designed to trigger this result. In any case, the warnings posted […]
In Hacking Team Malware Para La Vigilancia en América Latina, a new report from Derechos Digitales, we learn how Hacking Team, the hacked-and-disgraced cyber-arms dealer (previously) supplied weapons to corrupt state actors in latinamerica who used them to spy on political opposition, journalists and academics.
If you want to add some real firepower to your programming repertoire, learn Java–one of the most adaptable, widely-used programming platforms around. You can easily do that with this Ultimate Java bundle, now just $69 in the Boing Boing Store.Across 14 lectures and 117 hours of content, the educators at online academy eduCBA will walk you through […]
Every company wants to harness the power of social media, but few understand how to make that happen. Be one of those select few with this Social Media Marketing Course & Certification package, now just $29 in the Boing Boing Store.Over 12 modules of course material, you’ll learn what it takes to increase a brand’s […]
If you’ve got a killer app idea, but don’t have the technical expertise to pull it off, get a crash course in all things app development with the Comprehensive Android Development Bundle, now over 90% off in the Boing Boing Store. Across 83 hours of training, you’ll learn to develop for the world’s most popular mobile OS, mastering […]