Hackers create PixSteal Trojan to copy all photos from your PC, then blackmail you

Do you recall the virtual theft made possible via the visual malware PlaceRaider? It can steal your privacy by remotely exploiting an Android smartphone camera and secretly snapping a photo every two seconds. Crafty malware creators have developed a new type of privacy theft, this time aimed at images stored on your computer. If a picture is worth a thousand words, then if a hacker infects your computer with malware that steals pictures, what does your photo stash say about you? PixSteal has been spotted in the wild; the Trojan ignores text and instead copies image files from all drives before uploading the photos to a remote FTP server.


Trend Micro detected this specialized Trojan called "PixSteal" that “opens a hidden command line and copies all .JPG, .JPEG, and .DMP files.” That means image files and memory dump files that contain data about why a system unexpectedly stopped. TSPY_PIXSTEAL.A copies files from drives C, D, and E onto the C:\ drive before “it connects to an FTP server where it sends the first 20,000 files to the server.”
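The sequence Trend Micro describes (a hidden command line staging .JPG, .JPEG and .DMP files on C:\, followed by an FTP upload) can be expressed as a detection heuristic over endpoint telemetry. The sketch below is an added example, not code from Trend Micro or this article; the event schema, the 50-file threshold, the 300-second window, the PIDs and the file paths are all assumptions constructed for illustration.

```python
from collections import defaultdict

STAGED_EXTS = (".jpg", ".jpeg", ".dmp")  # extensions named in the Trend Micro report
FTP_PORT = 21                            # assumption: default FTP control port

def flag_staging_then_ftp(events, min_files=50, window_s=300):
    """Return root PIDs that wrote >= min_files image/dump files to C:\\
    (directly or via a cmd.exe child) and then opened an FTP connection."""
    parent = {}                 # cmd.exe pid -> pid that spawned it
    writes = defaultdict(list)  # root pid -> timestamps of matching writes
    flagged = set()

    def root(pid):
        seen = set()
        while pid in parent and pid not in seen:  # guard against pid-reuse loops
            seen.add(pid)
            pid = parent[pid]
        return pid

    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "proc_start":
            if ev["image"].lower().endswith("\\cmd.exe"):
                parent[ev["pid"]] = ev["ppid"]
        elif ev["type"] == "file_write":
            path = ev["path"].lower()
            if path.startswith("c:\\") and path.endswith(STAGED_EXTS):
                writes[root(ev["pid"])].append(ev["ts"])
        elif ev["type"] == "net_connect" and ev["dport"] == FTP_PORT:
            r = root(ev["pid"])
            recent = [t for t in writes[r] if 0 <= ev["ts"] - t <= window_s]
            if len(recent) >= min_files:
                flagged.add(r)
    return sorted(flagged)

def sample_events():
    """Constructed telemetry; PIDs and paths are made up."""
    ev = [{"ts": 0, "type": "proc_start", "pid": 4200, "ppid": 4100,
           "image": "C:\\Windows\\System32\\cmd.exe"}]
    # A cmd.exe child stages 60 photos on C:\ ...
    ev += [{"ts": 1 + i, "type": "file_write", "pid": 4200,
            "path": f"C:\\staging\\IMG_{i:04}.JPG"} for i in range(60)]
    # ... and its parent then opens an FTP session.
    ev.append({"ts": 70, "type": "net_connect", "pid": 4100, "dport": 21})
    # Benign: a backup tool copies 80 photos but never talks FTP,
    # and an FTP client connects without any staging.
    ev += [{"ts": 100 + i, "type": "file_write", "pid": 7000,
            "path": f"C:\\backup\\pic{i}.jpeg"} for i in range(80)]
    ev.append({"ts": 200, "type": "net_connect", "pid": 8000, "dport": 21})
    return ev
```

Calling `flag_staging_then_ftp(sample_events())` flags only PID 4100; the backup tool and the standalone FTP client are not reported because each shows only half of the pattern.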

The PixSteal infection channel is the Internet. “This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.” Trend Micro warned, “Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks.”

Meanwhile, the Guardian reported on “parasite porn websites stealing images and videos posted by young people.” A new study by the Internet Watch Foundation (IWF) revealed that “88% of self-made sexual or suggestive images and videos posted by young people, often on social networking sites, are taken from their original online location and uploaded on to other websites.”

Sarah Smith, technical researcher at IWF, warned that if the IWF “cannot provide watertight proof that the young person in a sexually explicit image is under 18,” then it has “no power to remove it from the internet.” Smith added, "Young people have to realize that once they take a digital image, once it is uploaded, it essentially becomes public property and is virtually impossible to remove. The clear message is that if you post this content you are going to lose control of it."

Lastly on hacks dealing with images, allegedly chanting “Remember, remember, the fifth of November,” Anonymous launched a “hacking spree” on Guy Fawkes Day. “ImageShack has been completely owned, from the ground up,” according to a pastebin. “We have had root and physical control of every server and router they own. For years.” 

Other sites hit in the V for Vendetta Guy Fawkes Day attacks allegedly include:

Plenty of other hacks happened too, which might ensure that people will “remember, remember the fifth of November.”
