Trojan horse designed to steal your photos

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Sophos said:
When it comes to data theft there seems to be no limit to the types of files that might be stolen if your system becomes compromised.

The latest, Troj/PixSteal-A, is designed to take all of the images, photos and even memory dumps from your hard drive.

The malware starts out by scouring your C:, D: and E: drives on Windows for any files ending in .JPG, .JPEG and .DMP.

[Image: picsteala-500.png]


After it gathers up all of the images it can find, it then uploads them via FTP to an FTP server hosted in Iraq.

The image on the right shows some of the filenames present at the time of this writing. The ones shown here are default images included with Windows XP, but many others were found.

In a second strange link to the Iraqi server hosting the FTP site some of the images that were purloined from victims appeared to be scanned documents written in Arabic.

This might hint at one of the motives behind image thefts. Are they looking for *wink* candid photos *wink* that they might use to extort money from the victims?

Are they looking to get scanned copies of sensitive identity documents like passports, social security numbers and driver's licenses?

Perhaps they are trolling for photos of sensitive company documents, screen captures or faxes?

The theft of memory dumps might not fit into the above scenarios, unless you consider the types of things that are currently stored on that FTP server.

One file is named "Google_Talk_1.0.0.104_121002-170904.dmp"... Your private instant messaging conversations could likely be inside of the memory space of a program like Google Talk.

If I had to make a guess, I would think the above evidence suggests it is being used for espionage, but we can't be sure.

Read more: http://nakedsecurity.sophos.com/2012/11/06/trojan-horse-designed-to-steal-your-photos/
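
A detection correlation for the behaviour the article describes (bulk reads of .JPG, .JPEG and .DMP files across drives, followed by an FTP upload), added here as an example and not taken from Sophos or from this thread. The event schema, the thresholds and the sample events are constructed assumptions; map them to whatever file and network telemetry your endpoint tooling produces.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}  # extensions named in the article
FTP_PORT = 21          # FTP control channel
MIN_FILES = 4          # assumed threshold; tune per environment
WINDOW_SECS = 600      # assumed max gap between a harvest read and the FTP connect

def read(ts, pid, path):
    return {"ts": ts, "pid": pid, "type": "file_read", "path": path}

def conn(ts, pid, ip, port):
    return {"ts": ts, "pid": pid, "type": "net_connect", "dst_ip": ip, "dst_port": port}

# Constructed sample telemetry in a hypothetical schema (not a real product's format).
EVENTS = [
    read(100, 4120, r"C:\Users\a\Pictures\beach.JPG"),
    read(101, 4120, r"C:\Users\a\Pictures\id_scan.jpeg"),
    read(102, 4120, r"D:\Photos\2012\party.jpg"),
    read(103, 4120, r"C:\Windows\Minidump\Mini110612-01.dmp"),
    read(104, 4120, r"E:\backup\passport.jpg"),
    conn(160, 4120, "203.0.113.10", 21),   # documentation-range address
    read(200, 5000, r"C:\Users\a\Pictures\beach.JPG"),  # viewer: one file, no FTP
    conn(300, 6000, "198.51.100.7", 21),   # FTP client with no harvesting reads
]

def find_harvest_then_ftp(events):
    """Alert on PIDs that read many image/dump files and then connect to FTP."""
    reads = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "file_read":
            p = PureWindowsPath(ev["path"])
            if p.suffix.lower() in TARGET_EXTS:  # case-insensitive extension match
                reads[ev["pid"]].append((ev["ts"], p.drive.upper(), p.suffix.lower()))
        elif ev["type"] == "net_connect" and ev["dst_port"] == FTP_PORT:
            recent = [r for r in reads[ev["pid"]] if ev["ts"] - r[0] <= WINDOW_SECS]
            if len(recent) >= MIN_FILES:
                alerts.append({"pid": ev["pid"], "dst_ip": ev["dst_ip"], "files": len(recent),
                               "drives": sorted({r[1] for r in recent}),
                               "exts": sorted({r[2] for r in recent})})
    return alerts

if __name__ == "__main__":
    for alert in find_harvest_then_ftp(EVENTS):
        print(alert)
```

Neither the single-image viewer nor the plain FTP client in the sample data triggers an alert; only the process that combines both behaviours does.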
 

Jack

MalwareCenter said:
I have this file, I can upload if you want.
Sure, I'm sure a lot of users will be interested in it! :)
 