Cyber Security News

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques like steganography and social engineering.

These methods allow attackers to embed malicious code within seemingly harmless multimedia files, bypassing traditional security measures and deceiving unsuspecting users.

Hackers have used image-based malware to distribute tools like VIP Keylogger and 0bj3ctivity Stealer, which steal sensitive data such as passwords, keystrokes, and screenshots.

These campaigns often begin with phishing emails disguised as legitimate invoices or purchase orders.

Once opened, these emails exploit vulnerabilities to download malicious images containing embedded malware.

The Evolution of Video-Based Malware Delivery

A new frontier in malware delivery involves video files. Dubbed “VidSpam,” this tactic uses lightweight video attachments in multimedia messages (MMS) to lure victims into scams.

VidSpam Bitcoin message.

For example, attackers have been observed using 14KB .3gp video files that appear benign but redirect users to attacker-controlled platforms like WhatsApp groups.

Once there, scammers employ high-pressure tactics to extract money or personal information from victims.

These video-based attacks mark an evolution from static image abuse, adding credibility to malicious messages while evading detection by traditional content filters.

The small size and low resolution of these videos make them accessible across devices with limited storage or slower networks, further broadening the attack surface.

Steganography: The Hidden Danger in Multimedia

Steganography, a technique for concealing data within other files, has become a favored tool for embedding malware in images and videos.

By manipulating pixel data or metadata, attackers can hide malicious payloads without altering the file’s appearance.

When unsuspecting users open these files, the malware is executed, often bypassing antivirus software.

For example, attackers have used steganography to hide JavaScript code within images or videos that execute upon opening.

This method has been employed in campaigns targeting both individuals and organizations, with applications ranging from ransomware deployment to data exfiltration.
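As a defender-side illustration of the metadata case described above, here is an added example (not code from the article or from any vendor it cites) that triages a PNG attachment for script-like or oversized text chunks. It goes slightly beyond the text by also flagging bytes appended after the end-of-image chunk. The hint patterns, the 1024-byte threshold and the sample files are assumptions constructed for this example, and pixel-level hiding is out of its scope.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}
# Assumed heuristic: script-like strings have no business in image metadata.
SCRIPT_HINTS = re.compile(rb"(?i)<script|eval\(|fromcharcode|powershell")

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def build_sample(text=b"", trailer=b""):
    """Constructed 1x1 grayscale PNG, optionally with a tEXt chunk and trailer."""
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    meta = chunk(b"tEXt", text) if text else b""
    idat = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    return PNG_SIG + ihdr + meta + idat + chunk(b"IEND", b"") + trailer

def triage_png(blob, max_text=1024):
    """Return findings for metadata and trailing-data anomalies in a PNG."""
    if not blob.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            return findings + [f"truncated {ctype!r} chunk"]
        data = blob[pos + 8:end - 4]
        if ctype == b"zTXt":  # keyword, NUL, method byte, deflate stream
            packed = data.partition(b"\x00")[2][1:]
            try:  # bounded inflate so a crafted chunk cannot exhaust memory
                data = zlib.decompressobj().decompress(packed, 1 << 20)
            except zlib.error:
                findings.append("zTXt chunk does not inflate")
        if ctype in TEXT_CHUNKS:
            if length > max_text:
                findings.append(f"oversized {ctype!r} chunk ({length} bytes)")
            if SCRIPT_HINTS.search(data):
                findings.append(f"script-like content in {ctype!r}")
        pos = end
        if ctype == b"IEND":
            extra = len(blob) - end
            return findings + ([f"{extra} bytes after IEND"] if extra else [])
    return findings + ["no IEND chunk"]
```

An empty result means only that none of these checks fired; findings are triage signals for further analysis, not a verdict.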

According to Proofpoint, the ubiquity of multimedia messaging makes it a prime target for cybercriminals.

Mobile devices are particularly vulnerable due to their high engagement rates: 99% of mobile messages are opened, with 90% read within three minutes of receipt.

Additionally, the use of generative AI (GenAI) has enabled attackers to create highly convincing phishing content at scale, further complicating detection efforts.

To combat these evolving threats, cybersecurity experts recommend the following measures:

  • Avoid opening unsolicited attachments or clicking on unknown links.
  • Keep software updated to patch vulnerabilities exploited by attackers.
  • Use advanced anti-malware tools capable of detecting steganographic techniques.
  • Educate users about phishing tactics and the risks associated with multimedia files.

As attackers continue to refine their methods, collaboration between industry stakeholders and heightened vigilance among users will be crucial in mitigating these sophisticated threats.

Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
