TLDR:
Threat actors hide their malware in harmless-looking images that are widely shared online, such as memes; the G Data analysis uses the “blinking white guy” meme as its example.
The malware can update itself through a specified Steam profile. Just like the downloader, it extracts the executable from the PropertyTagICCProfile data of a picture on the Steam profile.
The researchers found that immediately after execution, the malware terminates any security defenses and checks for administrator rights, then copies itself to the “LOCALAPPDATA” folder and persists by creating a registry key that G Data identified as “\Software\Microsoft\Windows\CurrentVersion\Run\BroMal”.
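
A defender-side check for the ICC-profile hiding place described above, added here as an example and not taken from the G Data analysis: it reassembles the ICC profile from a JPEG's APP2 segments and reports whether the data fails basic ICC header checks. It assumes the image is a JPEG; the function names and the sample byte strings are constructed for illustration.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens each JPEG APP2 ICC chunk

def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile carried in a JPEG's APP2 segments."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    chunks, pos = {}, 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: metadata is over
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length")
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            chunks[body[12]] = body[14:]  # body[12] = chunk number, body[13] = chunk count
        pos += 2 + length
    return b"".join(chunks[i] for i in sorted(chunks))

def icc_findings(profile: bytes) -> list:
    """Return reasons the blob does not look like a genuine ICC profile."""
    findings = []
    if not profile:  # image carries no ICC profile at all
        return findings
    if len(profile) < 128:
        return ["shorter than the 128-byte ICC header"]
    if profile[36:40] != b"acsp":
        findings.append("missing 'acsp' signature at offset 36")
    if struct.unpack(">I", profile[:4])[0] != len(profile):
        findings.append("declared profile size does not match actual size")
    if profile[:2] == b"MZ":
        findings.append("starts with a PE/DOS 'MZ' header")
    return findings

def build_sample_jpeg(profile: bytes) -> bytes:
    """Build a minimal constructed JPEG container holding one ICC chunk."""
    body = ICC_TAG + b"\x01\x01" + profile
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

# Constructed samples: a well-formed header-only profile and an arbitrary blob.
GOOD = struct.pack(">I", 128) + b"\x00" * 32 + b"acsp" + b"\x00" * 88
BAD = b"MZ" + b"\x90" * 200
```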
