25 July 2014

Cat pics prove hazardous to online bank accounts

04 March 2014  |  5419 views  |  3 cat

Crooks are taking advantage of one the Internet's key weaknesses - a fondness for cat pictures - to infect computers with banking malware, according to Trend Micro.

The Zbot malware uses steganography - the practice of concealing a message within something else - to hide configuration files in images of cats and sunsets, says Trend Micro in a blog post.

Zbot downloads a Jpeg file with an image containing a hidden list of banks from around the world to monitor. If a victim visits one of the banks, the malware jumps into action and steals user credentials.

Image appended with the list of targeted institutions

The attack also downloads other malware onto the system which removes the X-Frames-Options HTTP header from sites the user visits, allowing them to be displayed inside a frame, enabling clickjacking attacks.

Comments: (3)

Andrew Smith - CloudZync - London | 05 March, 2014, 12:33

I think we need to report these types of stories more accurately as this makes it seem a simple picture could put your PC at risk, when in reality it does nothing. The danger is the malware you download and execute that then uses those pictures as a configurable source to attack. This is hardly a new story either....

Matt White - Finextra - London | 05 March, 2014, 14:20

Bit of a catty comment.

Andrew Smith - CloudZync - London | 05 March, 2014, 15:14

@Matt I know, bit of a cat-astrophe

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related blogs

Create a blog about this story (membership required)

Related stories

27 February, 2014
31 January, 2014
20 January, 2014
06 January, 2014
Your browser is unable to support Flash files.

Featured job

$80k-130k base (d.o.e) + Bonus and Full Benefits
Boston, MA (USA)

Find your next job