TrojPix air-gap covert channel turns video cables into a high-speed exfiltration path
Technical Analysis
Summary
Hide ▲
Show ▼
TrojPix introduces a new air-gap exfiltration technique that uses imperceptible pixel modulation and video cable emissions to move data out of isolated systems, raising the risk of high-speed leakage once malware is present. The method reached 8.1 Mbps in lab testing and extended to 208 meters, showing that a covert channel can remain practical at meaningful distance. It works with user-level malware and no hardware changes, which lowers the bar for stealing data from supposedly disconnected computers.
Related Happenings
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware Activity
H score26
First: 12.05.2026 15:50
Last: 12.05.2026 15:50
Sources 1
About this happening:
A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware ActivityAbout this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
BPFDoor Linux backdoor with HTTPS-hidden trigger packets
Malware Activity
H score23
First: 26.03.2026 19:40
Last: 26.03.2026 19:40
Sources 1
About this happening:
A newly disclosed **BPFDoor** variant is hiding trigger packets inside **HTTPS traffic** and using **ICMP** between infected hosts, making the **Linux** backdoor harder to detect...
BPFDoor Linux backdoor with HTTPS-hidden trigger packets
Malware ActivityAbout this happening: A newly disclosed **BPFDoor** variant is hiding trigger packets inside **HTTPS traffic** and using **ICMP** between infected hosts, making the **Linux** backdoor harder to detect...
Red Menshen telecom espionage campaign
Campaign
H score33
First: 26.03.2026 19:40
Last: 26.03.2026 19:40
Sources 1
About this happening:
A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
Red Menshen telecom espionage campaign
CampaignAbout this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
Timeline
-
06.07.2026 11:50 2 articles · 3d ago
Shandong University describes TrojPix covert channel for air-gapped exfiltration
Initial DisclosureShandong University researchers described TrojPix, a covert channel that leaks data from air-gapped systems by imperceptibly modulating on-screen pixels so a nearby receiver can decode faint radio emissions from the video cable. The method works with user-level malware that can draw to the screen, requires no administrator rights or hardware changes, and in lab tests reached a peak throughput of 8.1 Mbps and a range of 208 meters across nine monitor brands and fifteen video cables.
Show sources
- New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions — thehackernews.com — 06.07.2026 11:50
- New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions — thehackernews.com — 06.07.2026 11:50