Malware

Operation SilentCanvas: Attackers use .jpeg files to deliver malware

Privacy concept: pixelated words Malware on digital background, 3d render

Coverage from Tech Radar indicates that a new hacking campaign, dubbed "Operation SilentCanvas," is employing sophisticated techniques to infiltrate organizations. The campaign is notable for its use of seemingly innocuous .jpeg files to deliver malicious payloads, targeting enterprises that rely on remote administration tools.

Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems. The malware, described by Cyfirma as part of a "professionally engineered and operationally mature intrusion framework," enables credential theft, encrypted command-and-control communications, and surveillance features like screen capture and microphone monitoring. The infection vector likely involves phishing emails, deceptive file-sharing, or fake software updates. Once executed, the malicious file deploys a trojanized version of ConnectWise ScreenConnect for covert remote access, bypasses Windows security, and elevates privileges.

Experts advise monitoring for abused Windows binaries, strictly controlling remote access platforms, and setting up detection rules for suspicious PowerShell activity. Any system exhibiting unexpected ScreenConnect activity should be immediately isolated.

Source: Tech Radar

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds