Cybercriminals are increasingly embedding malware within website images to evade detection and compromise IT systems.

Recent investigations have revealed a growing trend among threat actors: hiding malicious code within image files hosted on trusted websites. This approach allows the attackers to bypass traditional security measures, which tend to trust well-known and widely used websites. As ever, the attack begins with a phishing email designed to trick the victim into unleashing the malware. The phishing email in question has taken numerous forms such as invoices or purchase orders. Once opened, the file exploits a Microsoft Office vulnerability.

Emails are an essential part of business, so it’s crucial that you understand how this attack works to keep your IT infrastructure safe.

Unpacking the Image Attack

The vulnerability at the heart of the attack can be found in Microsoft Office’s Equation Editor (CVE-2017-11882). This vulnerability enables a malicious script to run, downloading an image file from a trusted website (such as archive.org). The image may, to the average PC user, look harmless, but hidden within its metadata is malicious code. This is used to automatically install spyware and keyloggers such as VIP Keylogger and Obj3tivityStealer. These slices of malware allow the threat actors to monitor your systems, harvest sensitive data, and gain access to financial information.
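For defenders, the point about code hidden in image metadata can be turned into a simple triage check. The following is an added example, not part of the original article: it walks the segments of a JPEG file and reports metadata segments (APPn and COM) that contain a long base64 run. The base64 assumption, the 200-character threshold and the sample bytes are all constructed for illustration.

```python
import base64
import re
import struct

# Assumption: hidden code is stored as a long base64 run; 200 chars is an arbitrary threshold.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
METADATA_MARKERS = set(range(0xE0, 0xF0)) | {0xFE}  # APP0-APP15 and COM segments


def scan_jpeg_metadata(data: bytes) -> list[str]:
    """Walk JPEG segments and report metadata segments holding encoded blobs."""
    if data[:2] != b"\xff\xd8":
        return ["not a JPEG (missing SOI marker)"]
    findings, pos = [], 2
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        if data[pos] != 0xFF or marker in (0xDA, 0xD9):
            break  # lost sync, or reached image data (SOS) / end of image (EOI)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            findings.append(f"offset {pos}: invalid segment length")
            break
        payload = data[pos + 4:pos + 2 + length]
        match = B64_RUN.search(payload)
        if marker in METADATA_MARKERS and match:
            findings.append(
                f"marker 0xFF{marker:02X} at offset {pos}: "
                f"{len(match.group())}-char base64 run"
            )
        pos += 2 + length
    return findings


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (used for the constructed samples)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples: structurally valid headers with stub scan data, not real images.
_HEAD = b"\xff\xd8" + _segment(0xE0, b"JFIF\x00\x01\x01")
_TAIL = _segment(0xDA, b"\x00") + b"\x11\x22\xff\xd9"
CLEAN = _HEAD + _segment(0xFE, b"Created with a camera") + _TAIL
SUSPICIOUS = _HEAD + _segment(0xE1, b"Exif\x00\x00" + base64.b64encode(b"placeholder " * 40)) + _TAIL

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        print(name, scan_jpeg_metadata(sample) or "no findings")
```

A hit is a reason to look closer, not a verdict: some legitimate tools embed encoded thumbnails or profiles in metadata.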

What’s interesting – or disturbing, depending on your perspective – about the attack is that it appears to harness the power of AI. Cybercriminals are increasingly turning to generative AI to create convincing phishing emails, malicious scripts, and even HTML web pages which can host malicious payloads. This is making attacks much easier to launch while also lowering the barriers to entry around your IT networks.

Keeping Your IT Systems Secure

No business wants keyloggers and spyware downloaded onto their IT infrastructure, so it’s vital that you keep it secure and protected. It’s impossible to keep it 100% safe, but you can optimize its strength by following these three tips:

  1. Regularly Update Your Software: make sure all your software, especially Microsoft Office applications, is up to date. Software developers release regular updates to patch vulnerabilities – like CVE-2017-11882 – which attackers seek to exploit. As well as enabling automatic updates, schedule regular checks for patches to ensure that critical updates are not missed. And remember, this applies to all software on your networks.
  2. Use Advanced Email Security: always utilize email filtering tools to automatically block phishing emails before they reach your staff. These highly effective solutions can scan all incoming messages for suspicious links, attachments, or blacklisted senders to prevent them from reaching your employee inboxes. Also, make sure your team are educated on the danger signs of a phishing email. Regular training and refresher sessions can help maximize the security of your first-line defenses.
  3. Monitor Network Activity: use network monitoring tools to detect unusual activities, such as unexpected downloads or unauthorized connections. These tools can indicate potential threats early, allowing you to respond quickly before threat actors secure a foothold within your systems. Make sure that you establish a program of regular reviews for your activity logs; this approach will enable you to spot anomalies and take action.

For more ways to secure and optimize your business technology, contact your local IT professionals.



A recent cyberattack has compromised several popular Google Chrome extensions, infecting millions of users with data-stealing malware.

In early January 2025, cybersecurity researchers at Extension Total discovered a malicious campaign targeting Chrome extensions which offer AI services. The threat actors hijacked at least 36 extensions – including Bard AI Chat, ChatGPT for Google Meet, and ChatGPT App – with approximately 2.6 million users affected. This widespread attack has raised the alarm among users and software developers as, previously, these extensions were highly trusted.

With 3.45 billion people using Chrome as their browser, it’s no surprise that threat actors would target it. This attack is especially ingenious, so we’re going to take a deep dive into it.

How Were the Chrome Extensions Compromised?

The affected extensions may be named after popular AI tools like Bard and ChatGPT, but they are third-party applications with no development from Google or OpenAI. Third-party extensions can, of course, be legitimate, but these compromised extensions were far from helpful. Instead, they were used to deliver fake updates containing malware.

The malware was designed to steal sensitive user information, specifically targeting data related to Facebook Ads accounts. Therefore, this posed a significant threat to businesses which rely on Facebook for marketing and sales. The threat actors could use this stolen data for unauthorized access, financial and identity theft, or to fuel phishing attacks.

In response to the attack, many of the affected extensions have been removed from the Chrome Store to limit further infections. However, others remain available, exposing users to the malware. Chrome, as we’ve already mentioned, is hugely popular, with around 130,000 extensions available to install. The risk of a security incident, as you would imagine, is high; this recent attack underscores the importance of practicing vigilance when installing extensions.

Staying Safe from Rogue Chrome Extensions

Browser extensions are designed to help users by enhancing functionality and making everyday browsing easier. However, this recent attack has also demonstrated that they’re a security risk. Ophtek wants to keep you safe from similar attacks, so we’ve put together our top tips for protecting your PC from rogue extensions:

  • Install Extensions from Trusted Sources: you should only ever download extensions from reputable developers and official web stores. Before hitting that install button, always carry out some research on the developer, read user reviews, and check ratings to assess how legitimate it is.
  • Limit Extension Permissions: extensions often require permissions to function correctly on your PC, but be very careful of any extension which requests a long list of permissions e.g. access to browsing data, microphone control, and cookies. You should only ever grant the permissions that are necessary for the extension to operate. If in doubt about a permission request, seek help from an IT professional.
  • Update Extensions: always ensure your extensions are kept up to date, as developers often release patches to fix security vulnerabilities. Regularly check for updates and keep an eye out for any unusual browser behavior such as strange pop-ups, redirects to other sites, or performance issues. Additionally, if you have extensions you no longer use, remove these to reduce your exposure to risk.
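The permission advice above can be checked mechanically, because every Chrome extension declares what it requests in its manifest.json. The following is an added example, not part of the original article: it reads a manifest and lists the broad permissions and all-site host patterns it asks for. The permission names are real Chrome ones; the risk descriptions and both sample manifests are constructed.

```python
import json

# Real Chrome permission names; the risk descriptions are this example's own wording.
BROAD_PERMISSIONS = {
    "cookies": "read and change site cookies, including login sessions",
    "history": "read browsing history",
    "tabs": "see the URLs and titles of open tabs",
    "webRequest": "observe network requests",
    "scripting": "inject scripts into pages",
    "debugger": "attach the browser debugger to tabs",
    "management": "manage other installed extensions",
    "nativeMessaging": "exchange messages with programs outside the browser",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text: str) -> list[str]:
    """List the broad permissions and host patterns an extension manifest requests."""
    manifest = json.loads(manifest_text)
    requested = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    # Manifest V3 lists hosts separately; Manifest V2 mixes them into "permissions".
    hosts = manifest.get("host_permissions", []) + requested
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    findings = [
        f"permission '{p}': {BROAD_PERMISSIONS[p]}"
        for p in requested if p in BROAD_PERMISSIONS
    ]
    findings += [
        f"host access '{h}': not limited to named sites"
        for h in dict.fromkeys(hosts) if h in BROAD_HOSTS  # de-duplicate, keep order
    ]
    return findings


# Constructed manifests for illustration; neither describes a real extension.
BROAD_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Example AI Chat Helper",
    "permissions": ["storage", "cookies", "tabs"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
})
NARROW_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Example Meeting Notes",
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://meet.example.com/*"],
})

if __name__ == "__main__":
    for text in (BROAD_MANIFEST, NARROW_MANIFEST):
        print(json.loads(text)["name"], audit_manifest(text) or "nothing broad requested")
```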



Threat actors are highly innovative – one recent attack tricked victims into addressing fake webcam and microphone issues to gain system access.

We’re constantly advised to be aware of phishing emails, infected documents, and malicious websites, but what happens when threat actors take a different approach? Well, they increase their chances of breaching your defenses. This is why it’s crucial to keep up to date with developments in the world of cybersecurity. This latest attack targeted professionals on LinkedIn, but it could easily be used in other environments.

Ophtek wants to keep you secure from these types of threats, so we’re going to summarize this attack and show you how to stay safe.

The Interview from Hell

Job interviews are always stressful affairs, but at least they don’t hit you financially. However, there is an exception – the LinkedIn attack. With 1 billion members, LinkedIn is hugely popular and this makes it the perfect target for a threat actor.

Victims are approached on LinkedIn by fake recruiters who claim to be working for crypto firms such as Kraken and Gemini. On offer is the opportunity of a number of high-ranking roles at these firms, and the victim has been specially chosen to apply. Victims who take the bait are then posed a series of long-form questions relating to the crypto industry e.g. which crypto trends will have the most impact in the next 12 months.

It may, at first, seem like any other job interview, but the final question posed requires an answer filmed on video. This is where the breach begins. The threat actor will issue an error message stating that there’s an access issue for the victim’s camera and microphone. The problem is apparently caused by a cache issue but, luckily, the ‘interviewer’ has a set of instructions to fix the error. Unfortunately, following these instructions simply hands the threat actor access to the victim’s PC, where their crypto wallet is likely to be targeted.

How to Stay Safe on LinkedIn

You may have a LinkedIn account, and even if you don’t, it’s important that you know how to defend against a similar attack. The three main ways you can protect your PC are:



Infostealer malware is frequently referenced as the go-to weapon for threat actors, but what is it? And how do you protect your IT systems from it?

You only have to take a quick look over the Ophtek blog to understand the popularity of infostealers in modern hacking. From fake Zoom sites through to SnipBot and SambaSpy, threat actors are determined to get their hands on your sensitive data. Infostealers, therefore, present an everyday threat to PC users and it’s crucial you understand their methods and impact.

Luckily, Ophtek has your back, and we’re going to take a deep dive into infostealers to equip you with the knowledge you need to stay safe.

What is an Infostealer?

The main objective of all infostealer malware is to harvest confidential data from a compromised system. With this stolen data, threat actors have the opportunity to conduct numerous crimes such as identity theft or financial damage. This makes infostealer malware a serious threat, especially in the age of big data, where organizations hold huge amounts of data on their IT systems. As with most modern malware, infostealers have strong stealth capabilities, allowing them to operate in the background without being detected and strengthening their impact.

The Danger Behind Infostealers

Infostealers can be individual malware threats or part of a more extensive suite of malware applications. Whatever their method, infostealers tend to focus on stealing the following data:

  • System login credentials
  • Social media and email passwords
  • Bank details
  • Personal details

All of these data categories have the potential for serious damage e.g. hacking someone’s personal emails and reading confidential information or clearing someone’s bank account out. From a business perspective, infostealers also have the potential to gain access to secure areas of your IT infrastructure and compromise the operations of your business. All of this data is taken directly from your servers and then discreetly transmitted to a remote server set up by the threat actors.

How Do Infostealers Strike?

Threat actors have developed numerous strategies to launch successful infostealer attacks with the two most common methods being:

Protecting Your Systems Against Infostealers

Despite the threat of infostealers, it’s relatively easy to stay safe and protect your systems from them. All you need to do is follow these best practices:

  • Be Wary of Suspicious Emails: Any emails which ring even the slightest alarm bell should be closely scrutinized. If something about the wording doesn’t sound quite right, or there’s a sense of urgency to commit to an action, the chances are that this could be a phishing email. In these instances, don’t click anything and, instead, contact an IT professional to review the content.
  • Always Update Your Software: One of the easiest ways for threat actors to deploy infostealers on your system is through software vulnerabilities. No piece of software is perfect, and they often contain weak spots which can be exploited. However, as these vulnerabilities are picked up by the developers, security patches are issued to remedy these weak spots. Accordingly, installing these updates should be a major priority.
  • Install Security Software: There are numerous security packages available such as AVG and Kaspersky which monitor your systems in real time and can block malware threats instantly. This automatic defense enables you to stay safe from infostealers and keeps your networks healthy and productive.



The headlines generated by cybersecurity attacks always focus on the damage caused by hackers, but who exactly are the hackers and why do they hack?

Financial losses associated with cybercrime hit a mighty $12.5 billion in 2023, so it’s clear to see that hackers have a major impact on society. And yet we know so little about them. Characterized as shady, hidden figures, hackers rely on this mysterious air to create panic and fear when they strike. Technically savvy, they pose a major threat to computer systems all over the world, and they often get away with it through a mixture of ingenuity and bravado.

To help you understand their motives better, we’re going to pull back the digital curtain and show you who these hackers are and what drives them to attack IT infrastructures.

The Main Types of Hackers

There are many different types of hackers, with different methods of operation and varying skillsets. The main variants you’re likely to encounter are:

  • Black Hat Hackers: Perhaps the most infamous type of hacker, black hat hackers are regularly discussed on the Ophtek blog due to their love of breaking into IT systems. Their main activities involve launching malware, compromising software vulnerabilities, and setting up phishing campaigns.
  • White Hat Hackers: In contrast to their black hat counterparts, white hat hackers are a force for good. Typically, they work in conjunction with organizations to identify weak spots in their IT security e.g. demonstrating where software vulnerabilities are present or highlighting the use of default passwords on routers.
  • Hacktivists: These hackers aren’t out to commit cybercrime in the same way as a black hat hacker, but hacktivists operate on the wrong side of the law in order to bring about social or political change. A good example of this can be found in the 2022 attacks launched against Russian websites by the hacking group Anonymous, an attack designed in response to the Russian war on Ukraine.

What are the Motivations Behind Hacking?

Every hack will have a motive behind it and it’s important to understand these motives in order to better protect our computer systems. The main driving forces behind cyberattacks include:

  • Financial Gain: As with all crime, money acts as a significant motivating factor. Stolen credentials, for example, can be sold on the dark web for large amounts of cash. Likewise, the rise of Malware-as-a-Service has proved highly lucrative for hackers and been responsible for some devastating attacks.
  • Challenging Themselves: Hackers love the prestige of a successful hack, and this hit of dopamine is enough to encourage them to set about launching increasingly audacious attacks. This not only challenges them and provides a firm motivation, but it also encourages them to hone their skills and make their attacks harder to defend against.
  • Personal Grievances: Often, the main motivation behind a hack is simply a slice of old-fashioned revenge. An ex-employee, perhaps terminated unfairly in their eyes, may seek revenge by exploiting their knowledge of an organization’s IT system. This insider knowledge may offer them the opportunity to strike back and hurt the organization.

Final Thoughts

Hackers, with their varying objectives and motivations, are a complex set of individuals and groups. While some may be a force for good, just as many have taken up their craft to inflict damage and benefit financially from their digital chaos. Whatever their circumstances, one thing remains clear: it’s crucial to strengthen your IT systems against all threats all the time.
