Images contained encrypted configuration files and binaries

Nov 29, 2013 16:48 GMT

Trend Micro has found that some cyber-attacks rely on maliciously crafted JPEG files to update the malware itself or to deploy new threats.

The image files contain encrypted data which the company's researchers managed to extract and decrypt; the content consists of configuration files and binaries.
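The article does not say how the encrypted payload is stored inside the JPEGs. One way a defender can triage images for this kind of abuse is to walk the JPEG marker structure to the End-Of-Image (EOI) marker and inspect anything stored after it: a valid image ends at EOI, so a large, high-entropy trailer is a common sign of an appended encrypted blob. The script below is an added example written for this page, not Trend Micro's tooling; the "data appended after EOI" layout, the 7.5-bit entropy threshold and the constructed sample bytes are all assumptions used for illustration.

```python
import math
import sys

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# TEM (0x01) and RSTn (0xD0..0xD7) markers carry no length field.
STANDALONE = {0x01, *range(0xD0, 0xD8)}


def find_eoi_offset(data: bytes) -> int:
    """Walk the JPEG segment structure and return the offset just past EOI.

    Walking the segments (instead of searching for the last FF D9) matters
    because an appended encrypted blob can itself contain FF D9 bytes.
    """
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        raise ValueError("missing SOI marker: not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        pos += 2
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        pos += int.from_bytes(data[pos:pos + 2], "big")  # length includes itself
        if marker == SOS:
            # Entropy-coded data follows. Inside it, FF is always followed by
            # 00 (stuffing) or an RSTn marker; anything else is the next marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0); encrypted data sits near 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_jpeg(data: bytes, entropy_threshold: float = 7.5) -> dict:
    """Report how much data trails the EOI marker and how random it looks."""
    eoi = find_eoi_offset(data)
    trailer = data[eoi:]
    ent = shannon_entropy(trailer)
    return {
        "eoi_offset": eoi,
        "trailer_bytes": len(trailer),
        "trailer_entropy": round(ent, 3),
        # Assumed heuristic: a non-empty, near-random trailer warrants a closer look.
        "suspicious": len(trailer) > 0 and ent >= entropy_threshold,
    }


def build_sample_jpeg(with_trailer: bool) -> bytes:
    """Constructed, minimal JPEG skeleton (not a real photo) for demonstration."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56"          # contains a stuffed FF 00 on purpose
    image = b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"
    if with_trailer:
        # Stand-in for an appended encrypted blob: every byte value equally often.
        image += bytes(range(256)) * 4
    return image


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(analyze_jpeg(fh.read()))
    else:
        for flag in (False, True):
            print("trailer" if flag else "clean  ", analyze_jpeg(build_sample_jpeg(flag)))
```

Run it with a file path to check a real image, or without arguments to see the two constructed samples. A flagged file is a triage signal rather than a verdict: some camera and editing software legitimately appends small amounts of data after EOI, so the trailer size and entropy should be read together and the flagged bytes examined before drawing conclusions.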

The JPEGs were traced to websites hosted in the Asia-Pacific region. The configuration data they carry allows the attackers to change the malware's settings as well as to update it.

These files also contain details about hostnames in the compromised network and the process names of several antivirus products.

Some of the emails sent by malware belonging to the SOMOGOT and MIRYAGO families (mainly spyware) carried an attachment listing the image files the threat had already accessed, along with information on the operating system and the security updates applied.

The executable files analyzed by Trend Micro were either updates or fresh malware ready to infect the target.

According to the company, there is reason to believe that this method has been in use since as far back as 2010 and continues to be applied today. Some of the malicious image files can be seen in the picture above.