Unveiling the Alarming Email Threat Lurking in Gmail and Outlook!

Update, Jan. 19, 2025: This article, initially published on Jan. 18, now features mitigation strategies to assist in safeguarding against the concealed email hacking method exploited by the VIP Keylogger and 0bj3ctivityStealer threat campaigns.

It’s no mystery that cybercriminals seek your account credentials, whether through rapid-fire attacks on Microsoft accounts or attempts to bypass two-factor authentication for Google users. The primary initial attack strategies involve your email, whether it be clickbait or phishing threats that promise to be safe. Recently, cybersecurity researchers have pronounced a caution regarding VIP Keylogger and 0bj3ctivityStealer malware, which are cleverly disguised within your email correspondence. As Gmail and Outlook are the leading email services, users are advised to be particularly vigilant against these assaults. Here’s what you ought to be aware of.

ForbesWhatsApp Security Warning—Hacked Links Target UsersBy Davey Winder

How Hacking Threats Conceal Themselves In Your Email

While phishing threats are far from new and continuously evolving, many still rely on the same outdated tactics of clicking on links and executing attached files. However, the recent HP Wolf security threat insights report has raised an alert regarding a significant malware threat being delivered via email while remaining concealed within images. In fact, not just one malware threat, but two.

Security experts have documented how they intercepted malware campaigns distributing the VIP Keylogger and 0bj3ctivityStealer hacking threats both employing the same initial exploitation techniques: embedding malicious code within images. VIP Keylogger can capture keystrokes and exfiltrate credentials from several sources including applications and clipboard information. 0bj3ctivityStealer is also, as its name implies, a data thief that targets both account credentials and credit card information.

“By embedding harmful code in images and hosting them on trustworthy websites,” the researchers asserted, “the cybercriminals were more likely to evade network safeguards like web proxies that depend on reputation assessments.”

“The strategies noted in the report showcase that threat actors are repurposing and piecing together attack elements to enhance the effectiveness of their operations,” stated James Coker, writing for Infosecurity Magazine.

In what the HP Wolf researchers referred to as “extensive malware campaigns” propagating the VIP Keylogger threat, emails were sent masquerading as invoices and purchase orders to victims, and the investigation revealed “numerous malicious images” with the most accessed one being viewed 29,000 times. Conversely, 0bj3ctivityStealer was disseminated using archive files that appeared to be requests for quotations. These files would, if executed, download an image from a remote host that contained the harmful code itself.

ForbesYubico Releases Security Warning As 2FA Bypass Vulnerability VerifiedBy Davey Winder

Reducing The Risks Concealed In Your Email

Google has been developing new safeguards to shield billions of Gmail users from a variety of cyberattacks, including the phishing and malware threats highlighted by the HP Wolf researchers. In 2024, Gmail’s senior director of product management, Andy Wen, declared, “we created several groundbreaking AI models that have considerably bolstered Gmail’s cyber defenses, including a new large language model trained on phishing, malware, and spam.” This has enabled the blocking of 20% more spam than previous defenses by accurately identifying harmful patterns. Another AI model, Wen noted, “functions as a supervisor for our existing AI defenses by promptly assessing hundreds of threat signals whenever a suspicious message is flagged and applying the right protection.”

On the other hand, Microsoft stated that “all Outlook.com users benefit from spam and malware filtering. For Microsoft 365 Family and Microsoft 365 Personal subscribers, Outlook.com executes extra evaluations of the attachments and links in the messages you receive.” These enhanced security features are automatically activated for all Microsoft 365 Family and Microsoft 365 Personal subscribers who possess email accounts ending in @outlook.com, @hotmail.com, @live.com, and @msn.com.

ForbesNew Caution on 2FA Bypass Attack For Microsoft UsersBy Davey Winder