Application security, Malware

Brazilian trojan arrives disguised in PNG image

A new trojan has been detected in the wild that conceals itself in a PNG image, according to a Thursday post on SecureList.

This type of attack – where the malicious payload is hidden in encrypted files – was first exposed several months ago in the U.S., but this new strain originates in Brazil.

The attack begins with a PDF attached to an email message that can deliver an executable or .ZIP file with the .pdf extension in the filename. Clicking downloads several files, including the common image format PNG file header.

SecureList researchers analyzing the binary recognized its size was unusual and identified the function that loads the PNG files to the memory, which then leads to decrypting and executing the extracted binary.

Be wary of emails from unknown sources, especially those containing links and attached files, SecureList advised.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.