0bj3ctivityStealer Hides Payload in Images, Hits Firms

A newly uncovered information-stealing malware known as 0bj3ctivityStealer has drawn attention for its advanced exfiltration tactics and layered execution chain. First identified by HP Wolf Security researchers, the malware hides its payload using obfuscated JavaScript and steganographic methods to bypass traditional detection systems. Its attack begins with phishing emails disguised as purchase order requests, luring users into downloading files hosted on Mediafire.

Trellix analysts revealed that 0bj3ctivityStealer hides its payload within benign-looking image files. These images, downloaded from archive.org, contain embedded .NET DLL components that the loader extracts through precise hexadecimal pattern recognition and pixel analysis. The loader also performs virtualization checks and uses process hollowing to inject the stealer into Windows processes like Regasm.exe.
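A defender-side triage check for the delivery technique described above, added here as an example and not taken from the HP Wolf Security or Trellix analysis: it scans image files for a DOS/PE header pair (the "MZ" stub whose e_lfanew points at "PE\0\0", the signature a .NET DLL carries) and for bytes trailing the container's end marker. It catches payloads appended to or stored raw inside an image, not ones encoded into compressed pixel channels; the exact hex pattern 0bj3ctivityStealer's loader looks for is not given on this page, and the sample image and PE stub below are constructed.

```python
import re
import struct
from typing import Dict, List, Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def find_pe_headers(data: bytes) -> List[int]:
    """Offsets of 'MZ' stubs whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits = []
    for m in re.finditer(b"MZ", data):
        off = m.start()
        if off + 0x40 > len(data):          # too short to hold a DOS header
            continue
        e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
        pe = off + e_lfanew
        if pe + 4 <= len(data) and data[pe:pe + 4] == b"PE\x00\x00":
            hits.append(off)
    return hits

def image_end_offset(data: bytes) -> Optional[int]:
    """Offset just past the container's end marker (PNG IEND chunk incl. CRC, or JPEG EOI)."""
    if data.startswith(PNG_SIG):
        i = data.find(b"IEND")
        return None if i == -1 else i + 4 + 4
    if data.startswith(b"\xff\xd8"):
        i = data.rfind(b"\xff\xd9")        # rfind: EXIF thumbnails carry their own EOI
        return None if i == -1 else i + 2
    return None

def scan_image(data: bytes) -> Dict[str, object]:
    """Flag PE headers anywhere in the file and any bytes trailing the image's end marker."""
    end = image_end_offset(data)
    pe_offsets = find_pe_headers(data)
    trailing = len(data) - end if end is not None else 0
    return {"pe_offsets": pe_offsets, "trailing_bytes": trailing,
            "suspicious": bool(pe_offsets) or trailing > 0}

# Constructed samples: a minimal PNG skeleton, and the same file with a fake DOS/PE stub appended.
CLEAN_PNG = (PNG_SIG + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"\x00" * 4
             + b"\x00\x00\x00\x00IEND\xaeB`\x82")
_stub = bytearray(0x40)
_stub[0:2] = b"MZ"
struct.pack_into("<I", _stub, 0x3C, 0x40)             # e_lfanew -> right after the DOS header
FAKE_PE = bytes(_stub) + b"PE\x00\x00" + b"\x00" * 20  # only the signatures, not a runnable binary
STEGO_PNG = CLEAN_PNG + FAKE_PE

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("stego", STEGO_PNG)):
        print(name, scan_image(blob))
```

Run it over an image quarantine directory and treat any hit as a candidate for sandbox detonation; a clean PNG reports no PE offsets and zero trailing bytes.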

Detected in the U.S., Germany and Montenegro, the malware targets manufacturing firms and government entities. Its broad reach and multi-stage deployment model highlight a growing threat to global cybersecurity.

Read the full report here: https://cybersecuritynews.com/0bj3ctivitystealers-execution-chain/
