Crooks are taking advantage of one the Internet's key weaknesses - a fondness for cat pictures - to infect computers with banking malware, according to Trend Micro.
The Zbot malware uses steganography - the practice of concealing a message within something else - to hide configuration files in images of cats and sunsets, says Trend Micro in a blog post.
Zbot downloads a Jpeg file with an image containing a hidden list of banks from around the world to monitor. If a victim visits one of the banks, the malware jumps into action and steals user credentials.
The attack also downloads other malware onto the system which removes the X-Frames-Options HTTP header from sites the user visits, allowing them to be displayed inside a frame, enabling clickjacking attacks.
I think we need to report these types of stories more accurately as this makes it seem a simple picture could put your PC at risk, when in reality it does nothing. The danger is the malware you download and execute that then uses those pictures as a configurable
source to attack. This is hardly a new story either....
Bit of a catty comment.
@Matt I know, bit of a cat-astrophe
CompetitiveNew York City, NY, USA
© Finextra Research 2015