New trojan targets image files

Both .JPG and .JPEG files pertain to file formats commonly used for images, while .DMP files are memory dump files that contain information on why a particular system has stopped unexpectedly.

"Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users," Trend Micro’s Raymart Paraiso, threat response engineer, writes in a blog post.

When it connects to the FTP server, PixSteal can do damage in volume: it sends 20,000 files at a time to the server. Of course, that means someone has to sift through the files to turn up anything of use. Presumably, compromising photos that could serve as blackmail leverage would be easy to spot (or to build an automatic detection engine for), but other information would be more difficult to glean from image files. For instance, cutting and pasting information from financial documents stored as JPEGs into text format is all but impossible, so using it would require manually replicating the information in the picture.

Though the process appears tedious, the potential gain for cybercriminals who succeed in stealing information is high, according to Trend Micro, which has detected the threat as TSPY_PIXSTEAL.A.

"Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high," he added. "Collected photos can be used for identity theft, blackmail or can even be used in future targeted attacks."

Securing data – including files such as images – is every user’s responsibility, Paraiso noted. As threats become more advanced, it’s even more important to make sure that software is up to date, and that users adopt safe online practices, such as avoiding clicking on unfamiliar links and learning to recognize phishing schemes when they see them.

That vigilance is becoming more imperative as threats get savvier and more damaging. Increasingly, malware that uses embedded webcams and microphones is making an appearance on the scene, collecting visual and audio evidence in order to create a fuller picture of the infected machine’s surroundings. Recently this has spread to Android phones via a new threat called PlaceRaider, which can secretly take photos or video every few seconds without the owner ever noticing. Combined with information from a smartphone’s GPS system and accelerometer sensors, the visual data can be assembled into a three-dimensional map of the phone's surroundings.
