An image of Mario (from Super Mario Bros.) has recently gone viral: using steganography, it hides malicious code in its pixels, and it is downloaded by a banking malware called “Ursnif”.

Matthew Rowen and Tim Howes, researchers at Bromium, found an Excel file that ran several macros. One of these macros checks where the Excel file is being run; if it is in Italy, other macros, which download malicious code, run immediately. These download the image of Mario, which in turn executes PowerShell code, downloading different malware onto the computer.

Cybercriminals use steganography to hide malicious content in multimedia files without being detected, which leads users to trust the content when they open it. In this case, the 4 lower bits of the blue tones were used: the human eye does not notice the change, but it is enough space to hide code.

Analyzing the image yielded heavily obfuscated PowerShell code, but it did not take the researchers long to realize that it was actually base64-encoded; once they cleaned up the code they got the final version, which downloads malware onto computers.
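The extraction step described above, written as an analyst would run it over pixel data. This is an added example, not code from Bromium or from the malware. The two-pixels-per-byte ordering (high nibble first), the function names and the sample cover and message are assumptions constructed for illustration.

```python
import base64

# Assumed layout: two pixels per byte, high nibble first. The article only
# states that the 4 low bits of the blue value are used.
def embed_low_nibbles(pixels, data):
    """Build a constructed test fixture: write data into the 4 low blue bits."""
    nibbles = [n for b in data for n in (b >> 4, b & 0x0F)]
    if len(nibbles) > len(pixels):
        raise ValueError("cover image too small for the data")
    out = list(pixels)
    for i, n in enumerate(nibbles):
        r, g, b = out[i]
        out[i] = (r, g, (b & 0xF0) | n)
    return out

def extract_low_nibbles(pixels, length):
    """Recover `length` bytes from the 4 low bits of each pixel's blue value."""
    if 2 * length > len(pixels):
        raise ValueError("not enough pixels for requested length")
    out = bytearray()
    for i in range(length):
        hi = pixels[2 * i][2] & 0x0F
        lo = pixels[2 * i + 1][2] & 0x0F
        out.append((hi << 4) | lo)
    return bytes(out)

def looks_like_base64(blob):
    """Triage check: does the recovered data decode cleanly as base64?"""
    try:
        base64.b64decode(blob, validate=True)
        return True
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def max_blue_shift(before, after):
    """Largest per-pixel change in blue caused by the embedding (at most 15)."""
    return max(abs(a[2] - b[2]) for a, b in zip(before, after))

# Constructed cover (16x16 RGB gradient) and a harmless constructed message.
COVER = [(x * 16, y * 16, (x * y) % 256) for y in range(16) for x in range(16)]
SECRET = base64.b64encode(b"constructed sample text, not malware")
STEGO = embed_low_nibbles(COVER, SECRET)

if __name__ == "__main__":
    recovered = extract_low_nibbles(STEGO, len(SECRET))
    print(recovered, looks_like_base64(recovered))
    print("max blue shift:", max_blue_shift(COVER, STEGO))
```

The blue value moves by at most 15 out of 255 per pixel and red and green are untouched, which is why the change is not visible; the same extraction over the unmodified cover does not decode as base64.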

What do you think of all this?

