Hackers are using steganography technique to spread ZBOT malware by hiding configuration files within images of sunsets or cats and then hack into bank accounts and start drawing funds, according to researchers at TrendLabs.
Researchers revealed that malware works by downloading a JPEG file into the affected system without consumers’ knowledge.
"We encountered an image of a sunset, but other security researchers reported encountering a cat image," researchers added.
Hackers use steganography to embed the list of banks and financial institutions to be monitored inside the image, including institutions from across the globe, mainly in Europe and the Middle East.
If any user visits any of the institutions, ZBOT malware attempts to reap credentials and other personal information.
The ZBOT malware variant also downloads a secondary payload, which is a Trojan that eliminates the X-Frames-Options HTTP header from the websites visited by the user and allows websites to be viewed within a frame.
Researchers added: "ZBOT has not traditionally been linked to clickjacking in the past. However, it has been linked to other threats, such as ransomware and file infectors."
"The use of steganography, along with the inclusion of clickjacking-related malware, shows that established malware threats are still expanding their techniques and routines."
