Trend Labs' security intelligence blog has detailed an interesting new piece of malware that attempts to steal users' pictures and upload them to an FTP server. If your system is compromised by the malware, it will search your drives for .jpg, .jpeg and .dmp files and upload them to a remote server for later analysis. It is speculated that the cyber criminals behind the Trojan could use the photos to search for sensitive information, blackmail opportunities and general ID-theft jiggery pokery.
The newly discovered Trojan goes by the identification name TSPY_PIXSTEAL.A and the alias BDS/Wasew.A. "It copies all files with .JPG, .JPEG, and .DMP extensions from C:\, D:\, and E:\ directories to C:\. It uploads all files located in the C:\ directory to the defined FTP site using certain credentials," details the Trend Micro overview. The malware can arrive on your system by being dropped by other malware or "when visiting malicious sites".
The Trend Labs blog says that TSPY_PIXSTEAL.A "connects to an FTP server where it sends the first 20,000 files to the server. Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Information theft routines have been mostly limited to information that is in text form, thus this malware poses a whole new different risk for users. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks." So users should be just as careful securing photos as they are securing other sensitive text-based files and information.
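The behaviour quoted above (bulk copying of .jpg/.jpeg/.dmp files into a drive root, then an outbound FTP connection from the same process) is distinctive enough to look for in endpoint telemetry. The following heuristic is an added example, not code from Trend Micro or the article; the event format, thresholds and sample events are all assumptions constructed for illustration.

```python
# Added example (not from the article or Trend Micro): flag a process that
# writes many .jpg/.jpeg/.dmp files directly into a drive root and then opens
# an outbound FTP (port 21) connection shortly afterwards.
import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical, simplified endpoint event: file writes and network connects.
@dataclass
class Event:
    ts: float      # seconds since the start of the observation window
    process: str   # image name of the originating process
    kind: str      # "write" or "connect"
    target: str    # file path for writes, "ip:port" for connects

# A staged file: drive root, no subdirectory, one of the harvested extensions.
ROOT_STAGING = re.compile(r"^[A-Za-z]:\\[^\\]+\.(jpe?g|dmp)$", re.IGNORECASE)

def is_root_staging_write(path: str) -> bool:
    """True when a harvested-extension file is placed directly in a drive root."""
    return ROOT_STAGING.match(path) is not None

def find_pixsteal_like(events, min_files: int = 50, window: float = 120.0):
    """Return process names that staged >= min_files root files within
    `window` seconds before connecting to port 21 (thresholds are assumptions)."""
    staged = defaultdict(list)   # process -> timestamps of root staging writes
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "write" and is_root_staging_write(ev.target):
            staged[ev.process].append(ev.ts)
        elif ev.kind == "connect" and ev.target.endswith(":21"):
            recent = [t for t in staged[ev.process] if ev.ts - t <= window]
            if len(recent) >= min_files and ev.process not in hits:
                hits.append(ev.process)
    return hits

def sample_events():
    # Constructed sample: one process stages 60 photos in C:\ and then opens
    # FTP; a benign photo app saves two pictures and never connects anywhere.
    evs = [Event(i, "staging.exe", "write", f"C:\\img{i}.jpg") for i in range(60)]
    evs.append(Event(70, "staging.exe", "connect", "198.51.100.7:21"))
    evs.append(Event(5, "photos.exe", "write", "C:\\Users\\me\\Pictures\\a.jpg"))
    evs.append(Event(6, "photos.exe", "write", "D:\\b.jpeg"))
    return evs

if __name__ == "__main__":
    print(find_pixsteal_like(sample_events()))   # ['staging.exe']
```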
Do you ever quickly use your camera or smartphone to copy documents to your computer? I do; I have photos of the family passports and various other certificates, hand-filled forms, receipts and documents. I find it much easier to find the documents on the computer when needed rather than looking through the shoeboxes of my paper filing system... I imagine these pictures could be useful to criminals in some way. As for the memory dump (.dmp) files, the Trend Labs blog doesn't touch upon how these may be used by the malware authors.