Brazilian trojan arrives disguised in PNG image

Brazilian trojan authors are using PNG files to deliver malicious payloads.
Brazilian trojan authors are using PNG files to deliver malicious payloads.

A new trojan has been detected in the wild that conceals itself in a PNG image, according to a Thursday post on SecureList.

This type of attack – where the malicious payload is hidden in encrypted files – was first exposed several months ago in the U.S., but this new strain originates in Brazil.

The attack begins with a PDF attached to an email message that can deliver an executable or .ZIP file with the .pdf extension in the filename. Clicking downloads several files, including the common image format PNG file header.

SecureList researchers analyzing the binary recognized its size was unusual and identified the function that loads the PNG files to the memory, which then leads to decrypting and executing the extracted binary.

Be wary of emails from unknown sources, especially those containing links and attached files, SecureList advised.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS