Security News, September 2022: Hacking group hides backdoor malware inside Windows logo image

Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide backdoor malware in a Windows logo image.
Witchetty is considered part of the TA410 group, which has previously been linked to attacks against U.S. energy providers.
In the campaign, documented by Symantec, Witchetty uses steganography to hide an XOR-encrypted backdoor in an old Windows logo bitmap image.
The image is hosted on a trusted cloud service rather than on the attackers' own command-and-control server, so fetching it looks like ordinary traffic and is less likely to raise security alerts.
The attack begins with the attackers gaining initial access to the network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains to drop web shells on vulnerable servers.
These vulnerabilities were patched in 2021, a year before the campaign was reported; the group relies on poorly administered, publicly exposed servers that remain unpatched.
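The steganography and XOR layers described above, as an added toy example that is not Symantec's analysis or the campaign's own code. The article does not say how the bytes are hidden inside the bitmap, so least-significant-bit embedding in a flat-colour 24-bit BMP is assumed, and the key, payload and cover image are all constructed here. The loader side (extract, then XOR-decrypt) is shown beside two host-side checks a defender can run on a suspicious image: data appended beyond the declared BMP size, and an LSB plane that looks random where the cover is flat.

```python
import struct

# Constructed sample inputs (not from the Witchetty campaign); the real key and payload are not on this page.
XOR_KEY = b"\x5a\xc3"
PAYLOAD = b"toy backdoor stub: not a real implant"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric, so one function both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_flat_bmp(width: int = 64, height: int = 32, rgb=(0, 120, 216)) -> bytes:
    """Minimal 24-bit BMP filled with one colour, standing in for a flat logo region.
    width % 4 == 0 keeps rows 4-byte aligned, so no padding bytes are needed, and
    all-even colour components give a cover whose LSB plane is entirely zero."""
    if width % 4:
        raise ValueError("width must be a multiple of 4")
    pixels = bytes(rgb[::-1]) * width * height      # BMP pixel order is BGR, rows bottom-up
    offset = 14 + 40                                # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    dib_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                          len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib_hdr + pixels


def declared_size(bmp: bytes) -> int:
    """File size recorded in the BMP file header."""
    return struct.unpack_from("<I", bmp, 2)[0]


def pixel_offset(bmp: bytes) -> int:
    """Offset of the pixel array, read from the BMP file header."""
    return struct.unpack_from("<I", bmp, 10)[0]


def lsb_embed(bmp: bytes, blob: bytes) -> bytes:
    """Hide a 4-byte length plus blob in the least significant bit of consecutive
    pixel bytes, one payload bit per byte, most significant bit first."""
    framed = struct.pack("<I", len(blob)) + blob
    start = pixel_offset(bmp)
    if len(framed) * 8 > len(bmp) - start:
        raise ValueError("cover image too small for payload")
    out = bytearray(bmp)
    for i, byte in enumerate(framed):
        for bit in range(8):
            pos = start + i * 8 + bit
            out[pos] = (out[pos] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)


def _read_lsb(bmp: bytes, start: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of pixel bytes beginning at `start`."""
    out = bytearray()
    for i in range(count):
        byte = 0
        for bit in range(8):
            byte = (byte << 1) | (bmp[start + i * 8 + bit] & 1)
        out.append(byte)
    return bytes(out)


def lsb_extract(bmp: bytes) -> bytes:
    """Inverse of lsb_embed: read the length field, then that many hidden bytes."""
    start = pixel_offset(bmp)
    (length,) = struct.unpack("<I", _read_lsb(bmp, start, 4))
    return _read_lsb(bmp, start + 4 * 8, length)


def loader_recover(bmp: bytes, key: bytes) -> bytes:
    """What a loader does after downloading the image: extract the hidden
    bytes and XOR-decrypt them to obtain the backdoor."""
    return xor_bytes(lsb_extract(bmp), key)


def trailing_bytes(bmp: bytes) -> int:
    """Bytes beyond the file size declared in the header. A payload simply
    appended after the pixel data shows up here; LSB embedding does not."""
    return len(bmp) - declared_size(bmp)


def lsb_anomaly_score(bmp: bytes, window: int = 64) -> float:
    """Highest LSB balance over fixed windows of pixel bytes: 0.0 when a window's
    LSBs are all equal (flat colour), 1.0 when exactly half are set, which is what
    encrypted data written into the LSB plane looks like. Heuristic only."""
    plane = [b & 1 for b in bmp[pixel_offset(bmp):declared_size(bmp)]]
    best = 0.0
    for i in range(0, len(plane) - window + 1, window):
        ones = sum(plane[i:i + window]) / window
        best = max(best, 1 - abs(2 * ones - 1))
    return best


if __name__ == "__main__":
    cover = make_flat_bmp()
    stego = lsb_embed(cover, xor_bytes(PAYLOAD, XOR_KEY))
    assert loader_recover(stego, XOR_KEY) == PAYLOAD
    appended = cover + xor_bytes(PAYLOAD, XOR_KEY)
    for name, img in (("cover", cover), ("stego", stego), ("appended", appended)):
        print("%-8s trailing=%d lsb_score=%.2f" % (name, trailing_bytes(img), lsb_anomaly_score(img)))
```

Both checks are heuristics. The LSB score only separates cleanly because the cover is flat colour; photographic covers have noisy low bits, and a payload fetched from a trusted cloud service passes network inspection regardless of how it is hidden, so the more reliable detection point is the process that downloads an image and then turns its contents into executable code.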