Hacking group hides backdoor malware inside Windows logo image
2022-09-29 21:14

Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo.

The group is also considered part of the TA410 operatives, previously linked to attacks against U.S. energy providers.

In the campaign discovered by Symantec, Witchetty is using steganography to hide an XOR-encrypted backdoor malware in an old Windows logo bitmap image.

The file is hosted on a trusted cloud service instead of the threat actor's command and control server, so the chances of raising security alarms while fetching it are minimized.
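As an added defensive illustration (not from the article or from Symantec's analysis), the check below parses a BMP header and flags images carrying a high-entropy blob appended past the size the header declares. The article does not say how Witchetty embedded its payload, so the appended-data layout is an assumption; the bitmaps and the blob are constructed for the example.

```python
import math
import struct


def bmp_trailing_data(data: bytes):
    """Return (declared_size, bytes after the declared end) for a BMP, or None if not a BMP."""
    if len(data) < 14 or data[:2] != b"BM":
        return None
    # BITMAPFILEHEADER: 'BM', then the total file size as a little-endian uint32
    declared_size = struct.unpack_from("<I", data, 2)[0]
    trailing = data[declared_size:] if declared_size <= len(data) else b""
    return declared_size, trailing


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; ~8.0 for encrypted or compressed data, 0.0 for padding."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(data: bytes, min_trailing: int = 64, entropy_threshold: float = 7.0) -> bool:
    """Flag a BMP whose trailing data is both sizeable and close to random (assumed heuristic)."""
    parsed = bmp_trailing_data(data)
    if parsed is None:
        return False
    _, trailing = parsed
    return len(trailing) >= min_trailing and shannon_entropy(trailing) > entropy_threshold


def build_bmp(width: int, height: int, pixel: bytes) -> bytes:
    """Construct a minimal, valid 24-bit BMP filled with one colour (sample input only)."""
    row = pixel * width + b"\x00" * ((4 - (width * 3) % 4) % 4)  # rows are 4-byte aligned
    pixels = row * height
    size = 14 + 40 + len(pixels)
    file_header = b"BM" + struct.pack("<IHHI", size, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels


if __name__ == "__main__":
    clean = build_bmp(4, 4, b"\xff\x00\x00")
    stego = clean + bytes(range(256)) * 2  # constructed stand-in for an encrypted blob
    print("clean:", is_suspicious(clean), "stego:", is_suspicious(stego))
```

A real scan would also compare the declared size against the DIB header's pixel-array offset and size, since a crafted file header can be made to match the padded length.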

The attack begins with the threat actors gaining initial access to a network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains to drop webshells on vulnerable servers.

In the same campaign, the hackers rely on exploiting last year's vulnerabilities to breach the target network, taking advantage of poorly administered, publicly exposed servers.


News URL

https://www.bleepingcomputer.com/news/security/hacking-group-hides-backdoor-malware-inside-windows-logo-image/