Update, January 19, 2025: This story, originally published on January 18, now includes mitigation tips to help protect against hidden email hacking tactics used by the VIP Keylogger and 0bj3ctivityStealer threat campaigns.
It’s no secret that hackers want your account credentials, whether from high-velocity attacks against Microsoft accounts or two-factor authentication bypass attacks against Google users. The primary attack methodology revolves around your email, in phishing and non-phishing threats alike. Now, security researchers have issued a warning about VIP Keylogger and 0bj3ctivityStealer malware, which are not so easy to spot, as they are ingeniously hidden inside your email messages. With Gmail and Outlook being the largest email platforms, users are warned to be especially vigilant for these attacks. Here’s what you need to know.
How hacking threats hide in your email
Although phishing threats are nothing new, and although they are constantly evolving, most still rely on the same old techniques of getting victims to click on links and execute attachments. However, the latest HP Wolf Security Threat Insights report has issued a warning about a critical malware threat that is sent via email while remaining hidden within images. Not just one malware threat, actually, but two.
Security researchers have reported how they caught malware campaigns spreading the VIP Keylogger and 0bj3ctivityStealer hacking threats, both using the same initial exploit technique: hiding malicious code in images. VIP Keylogger can record keystrokes and extract credentials from a number of sources, including applications and memory data. 0bj3ctivityStealer is also, as the name suggests, an information stealer and targets both account credentials and credit card information.
“By hiding malicious code in images and placing them on legitimate websites,” the researchers said, “attackers were more likely to bypass network security such as online proxies that rely on reputation checks.”
“The tactics observed in the report indicate that threat actors are reusing and combining attack components to improve the efficiency of their campaigns,” said James Coker, writing in Infosecurity Magazine.
In what HP Wolf researchers called “large malware campaigns” spreading the VIP Keylogger threat, emails posing as invoices and purchase orders were sent to victims, and the investigation revealed “numerous malicious images,” the most accessed of which was viewed 29,000 times. 0bj3ctivityStealer, meanwhile, was delivered using archive files related to quote requests. These, if activated, will download from a remote server an image that contains the malicious code itself.
Mitigating the risks lurking in your email
Google has built new defenses to protect billions of Gmail users from all kinds of cyberattacks, including the kind of phishing threats and malware exemplified by the HP Wolf researchers. In 2024, Gmail’s senior director of product management, Andy Wen, said, “We developed several innovative AI models that significantly strengthened Gmail’s cyber defenses, including a new large language model that we trained for phishing, malware and spam.” This helped block 20% more spam than previous protections by more accurately identifying malicious patterns. Another AI model, Wen said, “acts as a watchdog for our existing AI defenses by instantly evaluating hundreds of threat signals when a dangerous message is flagged and deploying appropriate defenses.”
Microsoft, meanwhile, said that “all Outlook.com users benefit from spam and malware filtering. For Microsoft 365 Family and Microsoft 365 Personal subscribers, Outlook.com performs additional checking of attachments and links in the messages you receive.” These premium security features are automatically enabled for all Microsoft 365 Family and Microsoft 365 Personal subscribers who have email accounts that end with @outlook.com, @hotmail.com, @live.com and @msn.com.