• Experts warn of 'highly sophisticated' weaponized JPEG campaign u

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 12, 2026 11:15:27
    Experts warn of 'highly sophisticated' weaponized JPEG campaign used to send out ScreenConnect malware

    Date:
    Tue, 12 May 2026 10:00:41 +0000

    Description:
    Hackers are targeting enterprises with a jpeg file, establishing persistence and elevating privileges.

    FULL STORY ======================================================================
    Attackers weaponized a .jpeg file to deliver PowerShell payloads, trojanized ScreenConnect, and establish persistence.
    The malware enables credential theft, encrypted C2 comms, and surveillance features.
    Cyfirma warns the campaign reflects a mature intrusion framework.

    Be careful when downloading files from the internet, as even innocent .jpeg files can actually contain malware, experts have warned.

    Security researchers at Cyfirma published an in-depth report on a brand new hacking campaign they named Operation SilentCanvas. While we don't know the number of infections, or successfully compromised victims, the researchers said the campaign likely targets enterprises and other organizations using remote administration tools. The attack starts when the victim receives the weaponized .jpeg file. Again, we don't know the exact delivery mechanism, but Cyfirma speculates the file is delivered either via phishing emails with malicious attachments, deceptive file-sharing interactions, or fake software and update lures.
    "Professionally engineered and operationally mature intrusion framework"

    In any case, when the victim runs the file, named sysupdate.jpeg, it actually executes a malicious PowerShell payload which does a number of things: it downloads additional payloads from the attacker's infrastructure; deploys a trojanized version of ConnectWise ScreenConnect for covert remote access; bypasses Windows security protections and elevates privileges by adding malicious Registry entries; and establishes persistence via a fake Windows service named OneDriveServers.

    The malware also enables encrypted communications with the
    command-and-control (C2) infrastructure, steals credentials, and fingerprints the system. Other supported features include screen capture, microphone capture, and clipboard monitoring.

    "The overall tradecraft reflects a professionally engineered and operationally mature intrusion framework capable of supporting long-term covert persistence, credential theft, lateral movement, enterprise espionage, and potential ransomware deployment within enterprise environments," Cyfirma concluded, without naming the group, or even linking it to a specific country, or region.

    To defend against this campaign, security experts should keep an eye on commonly abused Windows binaries, including csc.exe, cvtres.exe, or ComputerDefaults.exe. If possible, these should be blocked entirely. Remote access platforms should be strictly controlled, and detection rules for suspicious PowerShell behavior set up.

    Finally, any system that displays unexpected ScreenConnect activity should be sealed off immediately.
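    As an added illustration of the defensive advice above (not code from the article or from Cyfirma's report), the following hunting script turns the indicators the story names (csc.exe, cvtres.exe, ComputerDefaults.exe, the fake OneDriveServers service, and ScreenConnect on hosts where it is not expected) into rules run over constructed Sysmon-style JSON log lines; the allowlist of sanctioned ScreenConnect hosts and all sample events are assumptions made up for the example.

```python
import json

# Indicators named in the article; the allowlist below is an assumption for this example.
WATCHED_BINARIES = {"csc.exe", "cvtres.exe", "computerdefaults.exe"}
FAKE_SERVICE = "onedriveservers"
SCREENCONNECT_ALLOWED_HOSTS = {"helpdesk-01"}  # assumed: hosts where ScreenConnect is sanctioned

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(ev):
    """Return the findings (strings) that one normalized event triggers, possibly none."""
    findings = []
    if ev.get("event") == "process_create":
        image = _basename(ev.get("image", ""))
        cmdline = ev.get("cmdline", "").lower()
        if image in WATCHED_BINARIES:
            findings.append(f"watched binary executed: {image}")
        if image == "powershell.exe" and (".jpeg" in cmdline or ".jpg" in cmdline):
            findings.append("powershell command line references an image file")
        if image.startswith("screenconnect") and ev.get("host", "").lower() not in SCREENCONNECT_ALLOWED_HOSTS:
            findings.append("screenconnect running on an unsanctioned host")
    elif ev.get("event") == "service_install":
        if ev.get("service_name", "").lower() == FAKE_SERVICE:
            findings.append("fake OneDriveServers service installed")
    return findings

def scan(lines):
    """Parse JSON lines and return [(host, finding), ...]; malformed lines are skipped, not fatal."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        hits.extend((ev.get("host"), f) for f in check_event(ev))
    return hits

def hosts_with_unexpected_screenconnect(hits):
    """Hosts the article says should be sealed off immediately."""
    return {host for host, f in hits if f.startswith("screenconnect")}

# Constructed sample log (Sysmon-like JSON lines); not real telemetry from the campaign.
SAMPLE_LOG = r"""
{"event":"process_create","host":"ws-042","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -w hidden -c <stage-1 loader reading C:\\Users\\jdoe\\Downloads\\sysupdate.jpeg>"}
{"event":"process_create","host":"ws-042","image":"C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe","cmdline":"csc.exe /noconfig /fullpaths @tmp.cmdline"}
{"event":"service_install","host":"ws-042","service_name":"OneDriveServers","image_path":"C:\\ProgramData\\svc\\ScreenConnect.ClientService.exe"}
{"event":"process_create","host":"ws-042","image":"C:\\ProgramData\\svc\\ScreenConnect.ClientService.exe","cmdline":""}
{"event":"process_create","host":"helpdesk-01","image":"C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe","cmdline":""}
{"event":"process_create","host":"ws-007","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe"}
garbage line that is not JSON
"""
```

    Running scan(SAMPLE_LOG.splitlines()) yields four findings, all on ws-042, while the sanctioned helpdesk host and the unrelated notepad event produce none.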




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-warn-of-highly-sophisticated-weaponized-jpeg-campaign-used-to-send-out-screenconnect-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)