Another threat has joined the espionage malware family: PixSteal

Deeper analysis shows that this malware collects image files with the .jpg and .jpeg extensions, as well as memory dump files with the .dmp extension, from anywhere on the system and uploads them to the attackers' remote FTP site. The collection is done by a batch script run from a hidden command prompt window, which first copies every matching file into a single staging location before the upload.

Here is the part of the script that does the staging. It walks the C: drive recursively and copies every matching file to the root of the C: drive, from where the files are then uploaded to the attackers' FTP server. The same loop is run against every drive on the system.

Two details are worth noting when reading it. First, copy /y overwrites without prompting, so files from different folders that share a name collide in the staging directory and only the last one copied survives. Second, a destination of c: without a trailing backslash means the current directory on drive C, which is the drive root only when the script is running from C:\. Also, cmd.exe requires a single-letter loop variable (written %%i inside a batch file), so a recovered copy of the script should be checked against the variable shown here before the line is used verbatim as a signature.

for /r c: %* in (*.jpg *.jpeg *.dmp) do @copy /y %* c:
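The staging loop above is a usable hunting signature in process-creation telemetry. The following is an added detection example written for this page, not code from the original analysis or from the malware: it scans constructed process-creation records (the pid|image|commandline format, the process names and the sample command lines are all assumptions made here) and flags any cmd.exe command line that runs a recursive for /r over .jpg, .jpeg or .dmp files and copies the matches to a drive root. The loop variable is matched loosely so that %%i, %i and the %* form shown in the snippet are all caught.

```python
import re
from typing import Optional, Set

# Pattern for the PixSteal-style staging loop:
#   for /r <drive>: <var> in (<extensions>) do @copy /y <var> <drive>:
# The loop variable is matched as "%" followed by non-space characters so that
# %%i (batch file form), %i (interactive form) and %* (as printed in the
# published snippet) all match.
STAGE_LOOP = re.compile(
    r"for\s+/r\s+(?P<src>[a-z]):\\?\s+%\S+\s+in\s*\((?P<exts>[^)]*)\)\s*"
    r"do\s+@?copy\s+/y\s+%\S+\s+(?P<dst>[a-z]):",
    re.IGNORECASE,
)

# File types the malware is reported to collect.
TARGET_EXTS = {".jpg", ".jpeg", ".dmp"}

# Constructed sample telemetry (assumed format: pid|image|commandline).
# These records were made up for this example; they are not real log data.
SAMPLE_LOG = [
    "4120|C:\\Windows\\System32\\cmd.exe|cmd.exe /c for /r c: %%i in (*.jpg *.jpeg *.dmp) do @copy /y %%i c:",
    "4133|C:\\Windows\\System32\\cmd.exe|cmd.exe /c for /r d: %%i in (*.jpg *.jpeg *.dmp) do @copy /y %%i c:",
    "4201|C:\\Windows\\System32\\cmd.exe|cmd.exe /c for /r c: %%i in (*.log) do @copy /y %%i d:\\backup",
    "4310|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir c:\\",
]


def extract_extensions(ext_list: str) -> Set[str]:
    """Turn the loop's file set, e.g. '*.jpg *.jpeg *.dmp', into {'.jpg', '.jpeg', '.dmp'}."""
    exts = set()
    for token in ext_list.split():
        token = token.strip('"')
        if token.startswith("*."):
            exts.add(token[1:].lower())
    return exts


def classify_command(cmdline: str) -> Optional[dict]:
    """Return details of the staging loop if the command line contains one, else None."""
    m = STAGE_LOOP.search(cmdline)
    if not m:
        return None
    exts = extract_extensions(m.group("exts"))
    return {
        "source_drive": m.group("src").upper(),
        "staging_drive": m.group("dst").upper(),
        "extensions": exts,
        # True when at least one of the collected types is one PixSteal goes after.
        "targets_pixsteal_types": bool(exts & TARGET_EXTS),
    }


def scan_process_log(lines):
    """Scan pid|image|commandline records and return (pid, image, details) for each hit."""
    hits = []
    for line in lines:
        pid, image, cmd = line.split("|", 2)
        info = classify_command(cmd)
        if info and info["targets_pixsteal_types"]:
            hits.append((int(pid), image, info))
    return hits


if __name__ == "__main__":
    for pid, image, info in scan_process_log(SAMPLE_LOG):
        print(f"pid {pid} {image}: stages {sorted(info['extensions'])} "
              f"from {info['source_drive']}: to {info['staging_drive']}:")
```

Because the malware repeats the loop for every drive, several hits from the same parent process within a short window, each with a different source_drive and the same staging_drive, is a stronger signal than a single match; the .log-only loop in the sample is deliberately not flagged, since a for /r copy by itself is ordinary administrative scripting.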