Image snatching malware poses new security threat
New breed of Trojan sniffs out personal information in pictures, not documents.


Security researchers have identified a new malware strand that steals image files from computers and sends them to a remote server
The program, detected under the name TSPY_PIXSTEAL.A (Pixsteal-A), is a Trojan that opens all .jpg and .jpeg image files, as well as .dmp memory dump files, and delivers copies of the first 20,000 to the FTP server being used by the cyber criminals behind the malware. It is currently only operational on Windows computers, according to Trend Micro's threat response engineer Raymart Paraiso.
"Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high," he said in a blog post.
The collected images could potentially be used for identity theft, blackmail or to tailor future targeted attacks on individuals or corporations, Paraiso added.
Rik Ferguson, director of security research and communications told IT Pro: "[I believe] this is the first malware that has particularly focused on such a limited set of file types. In some of the nation state sponsored attacks, stealing photographs is of interest ... but if we are talking about the commercial, cybercriminal, widespread side of things ... then this does represent a shift."
Ferguson claims it is possible we will see more of this type of malware, but it will depend on how successfully Pixsteal-A can be monetised.
"There was a report recently on BBC Newsbeat that said self-generated intimate photos were being stolen and used on porn sites. So there is one obvious way that this kind of activity could bring an income for criminals, but whether it becomes more widely adopted and more widespread depends on how successful [this one is at generating revenue]," Ferguson concluded.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Exploitation of Docker remote API servers has reached a “critical level”
News Hackers are targeting Docker’s remote access API as it allows them to pivot from a single container to the host and deploy malware with ease
By Solomon Klappholz
-
Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024
Cyber attacks reached another all-time high this quarter as digital crime continues to be a highly profitable industry for threat actors
By Solomon Klappholz
-
Alarm raised over patched Phemedrone Stealer malware that's being used to target Windows PCs - here's what you need to know
News Phemedrone Stealer is being used to exploit a vulnerability in Windows Defender SmartScreen despite the issue being patched in November 2023
By Solomon Klappholz
-
SOC modernization and the role of XDR
Whitepaper Automate security processes to deliver efficiencies across IT
By ITPro
-
Uncovering the ransomware threat from global supply chains
Whitepaper Effectively mitigate ransomware risk
By ITPro
-
The near and far future of ransomware business models
Whitepaper Discover how criminals use ransomware as a cyberweapon
By ITPro
-
Trend Micro security predictions for 2023
Whitepaper Prioritise cyber security strategies on capabilities rather than costs
By ITPro
-
'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware
News More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damage
By Connor Jones