Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

Operation SilentCanvas: Attackers use .jpeg files to deliver malware

Operation SilentCanvas is a sophisticated malware campaign that uses weaponized .jpeg files as an initial infection vector, likely delivered via phishing. These files deploy PowerShell payloads to install a trojanized version of ConnectWise ScreenConnect, enabling persistent remote access, credential theft, and surveillance. IT professionals should monitor for abused Windows binaries, strictly control remote access platforms, and set up detection rules for suspicious PowerShell activity, isolating any systems with unexpected ScreenConnect behavior.

Malware. May 13, 2026. By SC Staff.

Coverage from Tech Radar indicates that a new hacking campaign, dubbed "Operation SilentCanvas," is employing sophisticated techniques to infiltrate organizations. The campaign is notable for its use of seemingly innocuous .jpeg files to deliver malicious payloads, targeting enterprises that rely on remote administration tools.

Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems. The malware, described by Cyfirma as part of a "professionally engineered and operationally mature intrusion framework," enables credential theft, encrypted command-and-control communications, and surveillance features like screen capture and microphone monitoring.

The infection vector likely involves phishing emails, deceptive file-sharing, or fake software updates. Once executed, the malicious file deploys a trojanized version of ConnectWise ScreenConnect for covert remote access, bypasses Windows security, and elevates privileges.

Experts advise monitoring for abused Windows binaries, strictly controlling remote access platforms, and setting up detection rules for suspicious PowerShell activity. Any system exhibiting unexpected ScreenConnect activity should be immediately isolated.

Source: Tech Radar
