Trend Micro has found malware that steals image files from all drives of an affected system and then sends them to a remote FTP server.
Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .JPG, .JPEG, and .DMP files. Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly.
The images show that TSPY_PIXSTEAL.A copies the files from drives C, D, and E of the affected system into the system's C:\ drive. Once done, it connects to an FTP server and uploads the first 20,000 files. Though the routine appears tedious, the potential gain for cybercriminals, should they succeed in stealing information, is high.
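The behaviour described above (one process reading a large number of .JPG, .JPEG and .DMP files across several drives, followed by an outbound FTP connection) is distinctive enough to hunt for in endpoint telemetry. The following is an added detection example, not code from Trend Micro or from the article; the telemetry line format, the process IDs, the paths and the destination addresses are all constructed for illustration, and the thresholds (50 files, 2 drives) are assumptions a defender would tune to their environment.

```python
"""Heuristic detector for the TSPY_PIXSTEAL.A pattern: one process that reads
many image/dump files spanning several drives and then connects to an FTP
server. Runs over constructed endpoint telemetry lines (hypothetical format)."""
import re
from collections import defaultdict

# File extensions named in the report; compared case-insensitively.
TARGET_EXTS = (".jpg", ".jpeg", ".dmp")
FTP_PORT = 21


def make_sample_log():
    """Constructed sample telemetry (not real logs). Hypothetical format:
         <ts> pid=<n> op=read path=<path>
         <ts> pid=<n> op=connect dst=<ip>:<port>
    """
    lines = []
    # pid 4120: bulk read of image files from C:, D: and E:, then an FTP upload.
    for drive in "CDE":
        for i in range(25):
            lines.append(f"2012-11-01T10:00:{i:02d} pid=4120 op=read "
                         f"path={drive}:\\Users\\pics\\img{i:03d}.jpg")
    lines.append("2012-11-01T10:02:00 pid=4120 op=read path=C:\\Windows\\Minidump\\crash.dmp")
    lines.append("2012-11-01T10:02:05 pid=4120 op=connect dst=203.0.113.10:21")
    # pid 1337: a photo viewer opening a few pictures on one drive, no network.
    for i in range(3):
        lines.append(f"2012-11-01T10:05:0{i} pid=1337 op=read "
                     f"path=C:\\Users\\pics\\holiday{i}.jpeg")
    # pid 2200: a legitimate FTP client uploading a single text report.
    lines.append("2012-11-01T10:06:00 pid=2200 op=read path=C:\\work\\report.txt")
    lines.append("2012-11-01T10:06:01 pid=2200 op=connect dst=198.51.100.7:21")
    return lines


LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) op=(?P<op>\w+) (?P<rest>.*)$")


def parse(lines):
    """Yield (pid, op, value): value is the path for reads, (ip, port) for connects.
    Lines that do not match the expected format are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, op, rest = int(m["pid"]), m["op"], m["rest"]
        if op == "read" and rest.startswith("path="):
            yield pid, "read", rest[len("path="):]
        elif op == "connect" and rest.startswith("dst="):
            ip, port = rest[len("dst="):].rsplit(":", 1)
            yield pid, "connect", (ip, int(port))


def find_suspects(lines, min_files=50, min_drives=2):
    """Return {pid: {"files": n, "drives": [...]}} for processes that read at
    least min_files distinct target files across at least min_drives drive
    letters AND opened a connection to the FTP port. Each condition on its own
    (a photo viewer, an ordinary FTP client) is benign; the combination is
    what makes the activity worth a closer look."""
    files = defaultdict(set)   # pid -> distinct target paths read
    drives = defaultdict(set)  # pid -> drive letters those paths live on
    ftp = set()                # pids that connected to port 21
    for pid, op, val in parse(lines):
        if op == "read":
            lower = val.lower()
            if lower.endswith(TARGET_EXTS):
                files[pid].add(lower)
                if len(lower) > 1 and lower[1] == ":":
                    drives[pid].add(lower[0])
        elif op == "connect" and val[1] == FTP_PORT:
            ftp.add(pid)
    suspects = {}
    for pid in ftp:
        if len(files[pid]) >= min_files and len(drives[pid]) >= min_drives:
            suspects[pid] = {"files": len(files[pid]), "drives": sorted(drives[pid])}
    return suspects


if __name__ == "__main__":
    for pid, info in find_suspects(make_sample_log()).items():
        print(f"pid {pid}: {info['files']} target files across drives {info['drives']}, then FTP")
```

Only pid 4120 trips the rule: the photo viewer (pid 1337) touches too few files on one drive and never talks to port 21, and the FTP client (pid 2200) reads no image or dump files at all. Raising `min_files` reduces noise on hosts where users routinely open many pictures; the multi-drive condition mirrors the C/D/E sweep described in the report.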
Information theft routines have mostly been limited to information in text form, so this malware poses a new and different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or even in future targeted attacks.
“Trend Micro Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to all our products and services. Ongoing advances in the depth and breadth of the Smart Protection Network allow us to look in more places for threat data, and respond to new threats more effectively, to secure data wherever it resides,” says Amit Nath, Country Manager India and SAARC, Trend Micro.