
Healthcare Organizations Targeted by Stegoloader Trojan-Infected PNG Image Files

Posted: June 29, 2015

Computer and Internet security researchers have noted a steady increase in attacks on healthcare organizations by cybercrooks seeking personal information. Among the latest string of attacks, PNG images were found to be the carrier for a rash of Trojan horse infections hidden inside the image files.

PNG is a widely popular image file type on the internet, commonly chosen over JPG because of the smaller size and optimization of PNG images. Cybercrooks have long slipped malware onto computers by disguising infections as other, legitimate files. In a recent finding, PNG image files were used to attack healthcare organizations with the Stegoloader Trojan horse, also known as Win32/Gatak.

Stegoloader is a dangerous Trojan horse that was first identified in 2013. At the time of its discovery, Stegoloader was not causing much of a ruckus and was thought to be a mild infection. Now, Stegoloader has multiple variants, most of them designed to steal data from infected systems.

Updated Stegoloader samples have been found to use a technique called steganography: malware already present on the system retrieves updated configuration data and additional malware that are hidden inside image files and delivered that way. This method also allows the malicious modules to be executed in the infected system's memory. When Stegoloader is hidden in a PNG image file, the threat avoids saving its extracted code to disk, leaving virtually no trace of its malicious actions.

So far, Stegoloader-infected PNG image files have targeted healthcare organizations at a much higher rate than any other type of infrastructure or organization. Along with many security researchers, we believe healthcare organizations are targeted because they hold multiple layers of data. With successful attacks on healthcare records, cybercrooks could make away with data covering many facets of people's lives, including more than enough information to infiltrate accounts or access the victims' banking information.

A report released by Dell SecureWorks, later followed up by Trend Micro's own telemetry data on the Stegoloader threat, concluded that over 42% of Stegoloader victims were in the healthcare sector. All other sectors in the findings fell far behind, with the financial sector next in line at only 12%.

It is reasonable to expect that advanced threats like Stegoloader will have alternative methods of spreading. Just as Stegoloader-infected PNG image files have recently been found targeting healthcare organizations, we are sure to see other threats use similar methods to spread and attack healthcare and other organizations.
