New image, password-stealing malware out
MANILA, Philippines - Privacy theft may now become a larger cause of concern for common Internet users who love taking pictures and storing them on their computers, as well as those who store their passwords in their browsers.
Two reports published on the Trend Micro blog on November 2 and November 6 discuss new malware: one that copies image files and sends them to an FTP server, and another that steals the password information stored in the browser.
The image-stealing malware, known as TSPY_PIXSTEAL.A, copies all the .JPG, .JPEG and .DMP files on a computer, then connects to an FTP server and sends the first 20,000 files to that server.
The .JPG and .JPEG file types are associated with images, while the .DMP file types are memory dump files containing details regarding why a system has stopped unexpectedly.
The potential threats from the PIXSTEAL malware can include using the photos for blackmail and identity theft.
Scouring the photos for relevant information may also enable social engineering attempts and future attacks.
The password-stealing malware, known as TSPY_PASSTEAL.A, steals login credentials. It then stores them as a text file.
As the Trend Micro blog elaborates, “Unlike most info stealing malware that logs keystrokes to gather data, PASSTEAL uses a password recovery app to extract passwords stored in the browser.”
This allows the malware to steal passwords even from sites that use secure connections, such as Facebook, Twitter, Amazon and online banking sites, and variants can take information from non-browser applications such as gaming client Steam.
Trend Micro believes that the same people are responsible for both malware types.
“Because of similarity in data extraction routine (FTP upload),” writes Alvin John Nieto for Trend Micro, “PASSTEAL and PIXSTEAL were possibly created by the same cybercriminals.” - Rappler.com