Thursday, May 8, 2025
Homecyber securityNew Steganographic Malware Hides in JPEG Files to Spread Infostealers

New Steganographic Malware Hides in JPEG Files to Spread Infostealers

Published on

SIEM as a Service

Follow Us on Google News

A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files.

This sophisticated campaign involves luring users into downloading obfuscated JPEG files that contain hidden malicious scripts and executables.

Once these files are executed, the malware targets the extraction of sensitive credentials and data from browsers, email clients, and FTP applications.

- Advertisement - Google News

The malware then triggers a series of events that lead to the download of additional payloads, including customized infostealer tools such as Vidar, Raccoon, and Redline.

Detection and Protection Measures

Symantec has identified this threat and offers protection through various detection mechanisms.

The malware is identified by indicators such as ACM.Ps-Base64!g1, ACM.Ps-Http!g2, ACM.Ps-Wscr!g1, and ACM.Wscr-Ps!g1, which are part of adaptive-based detection systems.

Additionally, VMware Carbon Black products block associated malicious indicators, recommending policies that prevent the execution of known, suspect, and potentially unwanted programs (PUPs), while also leveraging cloud scan capabilities for enhanced protection.

Symantec’s email security products and Email Threat Isolation (ETI) technology provide an extra layer of protection against email-based threats.

File-based detection includes identifiers like CL.Downloader!aat171 and ISB.Downloader!gen80, which help in identifying and mitigating the malware.

Machine learning-based systems, such as Heur.AdvML.B, further enhance detection capabilities by identifying advanced threats.

Web-based protection is also in place, covering observed domains and IPs under security categories in WebPulse enabled products.

Impact and Recommendations

The use of steganography in malware distribution highlights the evolving sophistication of cyber threats.

Users are advised to be cautious when downloading files, especially images, from untrusted sources.

Implementing robust security measures, such as those offered by Symantec and VMware Carbon Black, can significantly reduce the risk of infection.

It is crucial for organizations and individuals to stay updated with the latest security patches and to use advanced threat detection tools to combat such stealthy attacks.

By understanding the tactics used by these malware campaigns, users can better protect themselves against the theft of sensitive information.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...

Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol

Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...