Image by Nico Baum, from Unsplash

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

• Amazon hired Covariant’s founders but kept its operations separate.
• Deal restricts Covariant from selling its technology freely, limiting competition.
• FTC is reviewing the complaint, and Amazon defends the structure as legal.

According to the filing, the $380 million deal exceeded the $119.5 million threshold that typically triggers premerger reporting requirements, reported The Post.

The complaint also highlights terms in the deal that allegedly restrict Covariant’s ability to sell its technology to other companies, turning it into a “zombie” company with limited prospects.

She emphasized that the arrangement aimed to enhance Covariant’s technology without limiting its competitive ability. The FTC has confirmed it is reviewing the complaint, but the agency declined to comment further.

These so-called “reverse acquihires” are raising concerns among regulators, who worry that such deals may limit competition and innovation, particularly in the rapidly developing AI industry.

Image by jcomp, from Freepik

Hackers Hide Malware In Images From Trusted Website

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A new report from HP Wolf Security highlights alarming advancements in malware delivery tactics, including the embedding of malicious code within seemingly innocuous images hosted on legitimate platforms.

In a Rush? Here are the Quick Facts!

• Malware campaigns targeted businesses using invoice emails with malicious attachments.
• Hidden malware steals sensitive information, including passwords and credit card details.
• Nearly 29,000 views on one malicious image show the scale of the attack.

One of the standout findings involves malware campaigns that embedded harmful code into image files. These images were uploaded to archive.org, a trusted file-sharing website, to avoid suspicion. By doing this, hackers were able to sneak past common security measures, like network filters, that often rely on a website’s reputation.

Two types of malware were spread using this tactic: VIP Keylogger and 0bj3ctivityStealer. Both are designed to steal sensitive information such as passwords and credit card details.

Hackers sent emails posing as invoices or purchase orders to trick businesses into downloading malicious attachments. These attachments contained files that, when opened, triggered a chain reaction.

The process included downloading a seemingly harmless image file from archive.org. Hidden within the image was encoded malware, which would then install itself onto the victim’s computer.

One image linked to this campaign was viewed nearly 29,000 times, hinting at the large scale of the attack.

Once the image is downloaded, a piece of code extracts and decodes the malware hidden inside it. The malware then runs on the victim’s device, recording keystrokes, stealing passwords, and even taking screenshots. To make the attack persistent, the malware modifies the computer’s registry, ensuring it starts up every time the computer is turned on.

The report says that this method of hiding malicious code in images is particularly effective because it exploits legitimate platforms, making it harder for traditional security tools to detect.

The researchers add that these incidents highlight the efficiency of reusing malware kits and components, as both campaigns employed the same .NET loader to install their respective payloads. This modular approach not only streamlined the development process for threat actors but also allowed them to focus on refining techniques to avoid detection.

The embedding of malicious code in images is not a novel tactic but represents a resurgence in its popularity due to advancements in obfuscation and delivery methods. The report emphasizes the need for enhanced endpoint protection and employee awareness training to counter such sophisticated threats.

As cybercriminals continue to innovate, leveraging legitimate tools and platforms, the report serves as a stark reminder of the evolving cyber threat landscape. Security teams must remain vigilant, adopt proactive measures, and stay informed to mitigate risks posed by these emerging threats.