Coverage from Tech Radar indicates that a new hacking campaign, dubbed "Operation SilentCanvas," is employing sophisticated techniques to infiltrate organizations. The campaign is notable for its use of seemingly innocuous .jpeg files to deliver malicious payloads, targeting enterprises that rely on remote administration tools.Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems. The malware, described by Cyfirma as part of a "professionally engineered and operationally mature intrusion framework," enables credential theft, encrypted command-and-control communications, and surveillance features like screen capture and microphone monitoring. The infection vector likely involves phishing emails, deceptive file-sharing, or fake software updates. Once executed, the malicious file deploys a trojanized version of ConnectWise ScreenConnect for covert remote access, bypasses Windows security, and elevates privileges.Experts advise monitoring for abused Windows binaries, strictly controlling remote access platforms, and setting up detection rules for suspicious PowerShell activity. Any system exhibiting unexpected ScreenConnect activity should be immediately isolated.Source: Tech Radar
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



