Hackers Hide Malware In Images From Trusted Website

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A new report from HP Wolf Security highlights alarming advancements in malware delivery tactics, including the embedding of malicious code within seemingly innocuous images hosted on legitimate platforms.

In a Rush? Here are the Quick Facts!

  • Malware campaigns targeted businesses using invoice emails with malicious attachments.
  • Hidden malware steals sensitive information, including passwords and credit card details.
  • Nearly 29,000 views on one malicious image show the scale of the attack.

One of the standout findings involves malware campaigns that embedded harmful code into image files. These images were uploaded to archive.org, a trusted file-sharing website, to avoid suspicion. By doing this, hackers were able to sneak past common security measures, like network filters, that often rely on a website’s reputation.

Two types of malware were spread using this tactic: VIP Keylogger and 0bj3ctivityStealer. Both are designed to steal sensitive information such as passwords and credit card details.

Hackers sent emails posing as invoices or purchase orders to trick businesses into downloading malicious attachments. These attachments contained files that, when opened, triggered a chain reaction.

The process included downloading a seemingly harmless image file from archive.org. Hidden within the image was encoded malware, which would then install itself onto the victim’s computer.

One image linked to this campaign was viewed nearly 29,000 times, hinting at the large scale of the attack.

Once the image is downloaded, a piece of code extracts and decodes the malware hidden inside it. The malware then runs on the victim’s device, recording keystrokes, stealing passwords, and even taking screenshots. To make the attack persistent, the malware modifies the computer’s registry, ensuring it starts up every time the computer is turned on.

The report says that this method of hiding malicious code in images is particularly effective because it exploits legitimate platforms, making it harder for traditional security tools to detect.
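Because a reputation check on the hosting site passes, the file itself has to be inspected. The following added example (not from the HP Wolf Security report or the original article) finds the structural end of a PNG or JPEG and reports what follows it. It assumes the hidden data is base64 text appended after the end marker and that it decodes to a Windows executable starting with `MZ`; the article does not say which encoding or placement the campaigns used, and all sample bytes are constructed.

```python
import base64
import re
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")    # long base64-looking run

def png_end(data):
    """Offset just past IEND, found by walking the chunk list."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                      # length, type, body, CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def jpeg_end(data):
    """Offset just past EOI (FF D9), skipping marker segments by length."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not PNG or JPEG")
    pos = 2                                     # past SOI (FF D8)
    while pos + 1 < len(data):
        marker = data[pos + 1]
        if data[pos] != 0xFF or marker == 0xFF:
            pos += 1                            # scan data or fill byte
        elif marker == 0xD9:
            return pos + 2
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                            # stuffed FF, TEM, RSTn
        else:
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
    raise ValueError("no EOI marker")

def inspect_image(data):
    """Measure data after the end marker; test a base64 run for a PE header."""
    end = png_end(data) if data.startswith(PNG_SIG) else jpeg_end(data)
    run = B64_RUN.search(data, end)
    head = base64.b64decode(run.group()[:64]) if run else b""
    return {"trailing_bytes": len(data) - end, "b64_run": bool(run),
            "decodes_to_pe": head.startswith(b"MZ")}

# Constructed samples: structurally minimal files, not real pictures or malware.
CLEAN_PNG = (PNG_SIG + b"\x00\x00\x00\x0dIHDR" + bytes(17)
             + b"\x00\x00\x00\x00IEND" + bytes(4))
PLACEHOLDER = base64.b64encode(b"MZ" + bytes(98))   # stand-in for an encoded PE
TAGGED_PNG = CLEAN_PNG + PLACEHOLDER
TAGGED_JPEG = (b"\xff\xd8" b"\xff\xe0\x00\x04\xff\xd9"      # APP0 body holds FF D9
               b"\xff\xda\x00\x02" b"\x12\xff\x00\x34\xff\xd9") + PLACEHOLDER
```

Walking the JPEG segments by length, rather than searching for the first `FF D9`, keeps an embedded thumbnail's end marker from being mistaken for the end of the image.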

The researchers add that these incidents highlight the efficiency of reusing malware kits and components, as both campaigns employed the same .NET loader to install their respective payloads. This modular approach not only streamlined the development process for threat actors but also allowed them to focus on refining techniques to avoid detection.

The embedding of malicious code in images is not a novel tactic but represents a resurgence in its popularity due to advancements in obfuscation and delivery methods. The report emphasizes the need for enhanced endpoint protection and employee awareness training to counter such sophisticated threats.

As cybercriminals continue to innovate, leveraging legitimate tools and platforms, the report serves as a stark reminder of the evolving cyber threat landscape. Security teams must remain vigilant, adopt proactive measures, and stay informed to mitigate risks posed by these emerging threats.

Snakebite Crisis: Can AI Transform The Century-Old Approach To Antivenoms?

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Researchers have used AI to design proteins that neutralize key toxins in snake venom, offering a potential pathway to more effective and accessible snakebite treatments.

In a Rush? Here are the Quick Facts!

  • AI-designed proteins neutralize toxins in snake venom, potentially transforming antivenom treatments.
  • Snakebites kill 100,000 people annually, mainly in regions with limited medical access.
  • New antivenoms could be cheaper, stable, and effective for rural and underserved areas.

The study, published in Nature, highlights how AI can pave the way for new, more accessible snakebite treatments, potentially saving thousands of lives each year.

Nature reports that snakebites kill an estimated 100,000 people annually and cause permanent disability for many more, particularly in low-resource areas. The World Health Organisation defines snakebites as a “neglected public health issue in many tropical and subtropical countries.”

Current treatments, primarily derived from antibodies in the blood serum of immunized animals like horses and sheep, have remained largely unchanged for over a century. These antivenoms often require refrigeration and trained medical professionals to administer, limiting their utility in rural or underserved regions, as noted by Nature.

The new approach utilizes an AI tool called RFdiffusion, developed by David Baker’s team at the University of Washington. Inspired by image-generating AI programs like DALL-E, RFdiffusion can design proteins capable of binding tightly to specific toxins.

In collaboration with biochemist Susana Vázquez Torres, the team targeted three types of toxins in elapid snake venom, known to cause paralysis, tissue damage, and death.

Using RFdiffusion, the researchers created “mini-binders” that strongly attached to these venom toxins. Experiments showed that these mini-binders could neutralize toxins’ effects in lab-grown cells.

In live animal tests, the team demonstrated their efficacy: mice injected with otherwise lethal doses of venom survived when treated with mini-binders either beforehand or shortly after exposure. “This is probably the coolest experimental result I’ve had in my career so far,” said Vázquez Torres.

The AI-designed proteins boast advantages over traditional antivenoms. They are highly stable and could eliminate the need for refrigeration, making them ideal for remote settings. Additionally, they can be mass-produced at low cost using industrial bacteria.

However, these proteins address only a fraction of snake venom’s complex composition, meaning future antivenoms may need to combine multiple mini-binders tailored to regional snake species.

Despite promising results, challenges remain in funding and clinical development. While Baker’s protein design ventures for diseases like cancer have secured substantial investments, resources for neglected diseases like snakebites are scarce.

“The path forward for anything to do with infectious disease or developing-world diseases like snakebites, it’s just harder,” Nature reports Baker saying. Still, this groundbreaking research signals a transformative shift in tackling global health challenges with AI.