

SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil
4 snips Jun 16, 2025
Uncover the sinister world of cyber threats as the hosts discuss malware cleverly disguised within JPEG images. They highlight an alarming trend where JavaScript obfuscation is employed on a staggering 200,000 websites to spread malware. Additionally, the revival of expired Discord invite links as traps for unsuspecting users illustrates the creative tactics cybercriminals are using to target victims. Stay alert, as the cybersecurity landscape is constantly evolving!
AI Snips
Malware Hidden in JPG Image
- Xavier analyzed a malware sample that uses an Excel macro and an HTA file to load a JPG image hiding the Katz Stealer malware.
- The image carries PE file headers embedded inside specific JPEG tags (segments), so the executable can be extracted from the picture and run.
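The snip above describes the trick but not how to look for it. The scanner below is an added example, written for this page and not code from the podcast or from the ISC diary: it walks the JPEG marker/segment structure, then checks every metadata payload (APPn, COM, and so on) and any bytes trailing the EOI marker for an `MZ` header whose `e_lfanew` field points at a `PE\0\0` signature. The JPEG and the PE stub it scans are constructed inline so it runs offline; the `build_*` helpers and the segment layout are assumptions for the demo, not a description of the real sample.

```python
"""Scan a JPEG for a PE image smuggled into its metadata segments or after EOI.

Added example (not code from the podcast or the ISC diary). The JPEG and the
PE stub used below are constructed inline for the demo.
"""
import struct

SOS, EOI = 0xDA, 0xD9
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn markers carry no length field
PE_SIG = b"PE\x00\x00"


def iter_segments(data: bytes):
    """Yield (marker, marker_offset, payload) for each segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        while pos + 2 < len(data) and data[pos + 1] == 0xFF:   # skip fill bytes
            pos += 1
        marker = data[pos + 1]
        if marker == SOS:
            yield marker, pos, b""          # entropy-coded scan data follows
            return
        if marker == EOI:
            return
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        (length,) = struct.unpack_from(">H", data, pos + 2)   # length includes itself
        yield marker, pos, data[pos + 4 : pos + 2 + length]
        pos += 2 + length


def find_pe(blob: bytes):
    """Return (offset, e_lfanew) of the first MZ header whose e_lfanew hits 'PE\\0\\0'."""
    start = 0
    while (off := blob.find(b"MZ", start)) != -1:
        if off + 0x40 <= len(blob):                      # full DOS header present
            (e_lfanew,) = struct.unpack_from("<I", blob, off + 0x3C)
            sig = off + e_lfanew
            if e_lfanew >= 0x40 and blob[sig : sig + 4] == PE_SIG:
                return off, e_lfanew
        start = off + 1
    return None


def scan_jpeg(data: bytes):
    """Return [(location, file_offset_of_MZ, e_lfanew), ...] for every PE found."""
    findings = []
    sos_pos = None
    for marker, pos, payload in iter_segments(data):
        if marker == SOS:
            sos_pos = pos
            break
        hit = find_pe(payload)
        if hit:
            findings.append((f"segment 0x{marker:02X}", pos + 4 + hit[0], hit[1]))
    if sos_pos is not None:
        # FF D9 cannot occur inside byte-stuffed scan data, so the first one after SOS is EOI.
        eoi = data.find(b"\xff\xd9", sos_pos)
        if eoi != -1:
            hit = find_pe(data[eoi + 2 :])
            if hit:
                findings.append(("after EOI", eoi + 2 + hit[0], hit[1]))
    return findings


# --- constructed demo inputs (not real samples) ---------------------------------

def build_fake_pe(payload: bytes = b"") -> bytes:
    """Minimal MZ/PE stub: a 0x40-byte DOS header with e_lfanew=0x40, then 'PE\\0\\0'."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + PE_SIG + payload


def build_sample_jpeg(embedded: bytes = b"", trailing: bytes = b"") -> bytes:
    """Tiny JPEG skeleton: APP0, an APP1 that may carry a PE, SOS, a few scan bytes, EOI."""
    def seg(marker: int, payload: bytes) -> bytes:
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    app0 = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    app1 = seg(0xE1, b"Exif\x00\x00" + embedded)       # PE smuggled inside APP1 when given
    sos = seg(SOS, b"\x01\x01\x00\x00\x3f\x00")         # one-component scan header
    scan = b"\x12\x34\xff\x00\x56"                       # constructed scan bytes, 0xFF stuffed
    return b"\xff\xd8" + app0 + app1 + sos + scan + b"\xff\xd9" + trailing


if __name__ == "__main__":
    pe = build_fake_pe(b"X" * 16)
    for label, jpg in (("PE in APP1", build_sample_jpeg(embedded=pe)),
                       ("PE after EOI", build_sample_jpeg(trailing=pe)),
                       ("clean", build_sample_jpeg())):
        print(label, scan_jpeg(jpg))
```

The `e_lfanew` check is what keeps this from firing on every stray `MZ` byte pair in compressed image data; a bare `MZ` string match is a noisy rule. Running it over a JPEG dropped by an HTA or macro, or over anything a loader fetches with an image extension, is a quick triage step before reaching for a full carver.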
Exploiting Website Trust for Malware
- Compromised websites often redirect visitors to malware sites by exploiting users' trust in these sites.
- Even low-profile sites are valuable targets due to their trusted user base.
JSF*CK Obfuscation Uniqueness
- The JSFireTruck campaign uses JSF*ck-obfuscated JavaScript, which consists only of the six characters `[ ] ( ) ! +`.
- Oddly, this makes the malicious code easier to spot: the character set is so restricted that the script stands out despite the complexity of what it encodes.
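The restricted alphabet is exactly what a detection can key on. The scanner below is an added example for this page, not code from the podcast or from the campaign write-up: it pulls inline `<script>` bodies out of an HTML document and flags any whose non-whitespace characters are (almost) entirely drawn from the JSFuck set. The HTML is constructed for the demo; its JSFuck fragment is a real one that evaluates to the string `"alert"`, and the length and ratio thresholds are assumptions to tune, not values from the campaign.

```python
"""Flag JSFuck-style inline scripts in an HTML page.

Added example (not code from the podcast or the campaign write-up). The HTML
below is constructed for the demo.
"""
import re

JSFUCK_CHARS = frozenset("[]()!+")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)


def jsfuck_ratio(js: str) -> float:
    """Fraction of non-whitespace characters drawn from the JSFuck alphabet."""
    body = "".join(js.split())
    if not body:
        return 0.0
    return sum(c in JSFUCK_CHARS for c in body) / len(body)


def find_jsfuck_scripts(html: str, min_len: int = 64, min_ratio: float = 0.95):
    """Return (offset, length, ratio) for each inline script that looks like JSFuck.

    min_len keeps tiny legitimate expressions such as "[]" or "!![]" from
    firing; min_ratio below 1.0 tolerates a wrapper such as a trailing ";".
    Both thresholds are assumptions for the demo.
    """
    hits = []
    for m in SCRIPT_RE.finditer(html):
        body = "".join(m.group(1).split())
        ratio = jsfuck_ratio(body)
        if len(body) >= min_len and ratio >= min_ratio:
            hits.append((m.start(), len(body), round(ratio, 3)))
    return hits


# Real JSFuck: "false"[1] + "false"[2] + "true"[3] + "true"[1] + "true"[0] == "alert"
JSFUCK_ALERT = (
    "(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]"
    "+(!![]+[])[+!+[]]+(!![]+[])[+[]]"
)

# Constructed page: an external script, an ordinary inline script, and a JSFuck blob.
SAMPLE_HTML = f"""<html><head>
<script src="/static/app.js"></script>
<script>
  // ordinary site code: uses brackets too, but plenty of other characters
  var items = [1, 2, 3]; items.forEach(function (i) {{ console.log(i); }});
</script>
</head><body>
<script>{JSFUCK_ALERT}</script>
</body></html>"""


if __name__ == "__main__":
    for offset, length, ratio in find_jsfuck_scripts(SAMPLE_HTML):
        print(f"JSFuck-like script at byte {offset}: {length} chars, ratio {ratio}")
```

The ratio alone is not enough on very short bodies, which is why the length floor exists; real payloads of this kind are far longer than the demo fragment, so in practice the floor can be raised considerably without losing them. Pair the check with the obvious follow-up: decode the flagged script in a sandboxed JavaScript engine and look at where it sends the browser.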