In an official statement Trend Micro has elaborated on its latest find — a malware that steals image files from all drives of an affected system and then sends them to a remote FTP server.

Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .jpg, .jpeg, and .dmp files. Both .jpg and .jpeg files pertain to file formats commonly used for images, while .dmp files are memory dump files that contain information on why a particular system has stopped unexpectedly.


Figure 1 shows the malware copying image files from drives C, D, and E

The images attached shows that TSPY_PIXSTEAL.A copies the files from drives C, D, and E of the affected system into its C: drive. Once done, it connects to an FTP server where it sends the first 20,000 files to the server. Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks.


Figure 2 showing how copied files are sent to a remote FTP server

“Trend Micro Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to all our products and services. Ongoing advances in the depth and breadth of the Smart Protection Network allow us to look in more places for threat data, and respond to new threats more effectively, to secure data wherever it resides,” says Amit Nath, country manager, India and SAARC Trend Micro.

The company further shares in its statement that securing data, including files such as images — is every user’s responsibility. Part of that responsibility, of course, is to prevent being infected by malware. 

As per a security roundup released by Trend Micro recently, it asked Android users to be more careful while downloading apps from Google Play as there has been a sharp increase in the amount of malware found on the app market. According to a security roundup by Trend Micro, the number of high risk and dangerous apps that are targeting Android users has risen, from 30,000 in June to 175,000 in September.

The security company has also reported a rise in the number of aggressive mobile adware that collects information about the users. “Though most adware is designed to collect user information, a fine line exists between collecting data for simple advertising use and violating one's privacy,” Trend Micro said. “Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out.”

According to Trend Micro, the top three malware identified were ZeroAccess, Downad/Conficker, and Keygen. ZeroAccess as infected over 900,000 devices to date. One of the most common sources of infection on Android devices is fake apps imitating to be real ones.

Recently, a Trojan was found on Google Play that steals personal information which it then transmits to a remote FTP server. The owner of the FTP server has not been identified yet.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,