Hacking group hides backdoor malware inside Windows logo image (Security News, September 2022)
Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide backdoor malware inside a Windows logo image.
The group is considered part of the TA410 operation, which has previously been linked to attacks against U.S. energy providers.
In the campaign discovered by Symantec, Witchetty uses steganography to conceal an XOR-encrypted backdoor in an old Windows logo bitmap image. Because the bitmap still parses as an ordinary image, a file-type check or a signature scan for a plaintext executable will not flag it.
The image is hosted on a trusted cloud service rather than on the threat actor's command and control infrastructure, so the download blends in with legitimate traffic and is much less likely to trip domain- or URL-reputation alerts when it is fetched.
The attack begins with the threat actors gaining initial access to the network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains to drop webshells on vulnerable servers.
Both chains were patched in 2021, so the group is not relying on new vulnerabilities: it breaches the target network by taking advantage of poorly administered, publicly exposed Exchange servers that were never updated.
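Scanning for a payload like this, as an added example that is not Symantec's analysis or the group's own code: the page says only that the backdoor is XOR-encrypted and hidden in a bitmap, not how it is laid out inside the image, so the scanner below makes no assumption about the embedding. It treats the whole file as opaque bytes and runs a known-plaintext search for the DOS stub string that every PE executable carries, trying all 256 single-byte XOR keys and confirming a hit by checking that the `MZ` header's `e_lfanew` field points at a `PE\0\0` signature under the same key. The BMP, the PE-shaped blob and the key `0x5A` are all constructed here for illustration; the approach generalizes to any container file, not just bitmaps.

```python
"""Hunt for a single-byte-XOR-obscured PE file hidden inside a bitmap.

Added example, not code from the article or from Symantec. The sample BMP,
the PE-shaped payload and the XOR key are constructed here; the real
campaign's embedding layout is not described on the page.
"""
import struct

# Every PE built with a standard linker carries this string in its DOS stub.
DOS_STUB = b"This program cannot be run in DOS mode."


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def build_bmp(width: int, height: int, pixel_bytes: bytes) -> bytes:
    """Wrap raw pixel bytes in a minimal 24-bit BMP header (constructed sample)."""
    row_size = (width * 3 + 3) & ~3            # rows are padded to 4 bytes
    pixel_data_size = row_size * height
    file_size = 54 + pixel_data_size
    file_header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             pixel_data_size, 2835, 2835, 0, 0)
    body = pixel_bytes.ljust(pixel_data_size, b"\x00")[:pixel_data_size]
    return file_header + dib_header + body


def fake_pe() -> bytes:
    """A constructed, non-executable blob with the shape of a PE file:
    64-byte DOS header, DOS stub string, then the PE signature at e_lfanew."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 60, 0x80)   # e_lfanew -> offset of "PE\0\0"
    stub = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21" + DOS_STUB + b"\r\r\n$"
    blob = (bytes(dos_header) + stub).ljust(0x80, b"\x00")
    return blob + b"PE\x00\x00" + b"\x4c\x01"       # signature + i386 machine type


def find_xor_pe(data: bytes) -> list:
    """Return [(key, mz_offset)] for each single-byte XOR key under which
    a PE-shaped region (MZ header whose e_lfanew hits PE\\0\\0) appears."""
    hits = []
    for key in range(256):                      # key 0 covers a plaintext PE too
        needle = xor_bytes(DOS_STUB, key)       # known plaintext, pre-XORed
        start = 0
        while (idx := data.find(needle, start)) != -1:
            start = idx + 1
            # The stub string sits shortly after the 64-byte DOS header;
            # decode a window before it and walk back to the nearest "MZ".
            win = max(0, idx - 0x100)
            mz = xor_bytes(data[win:idx], key).rfind(b"MZ")
            if mz == -1:
                continue
            mz_off = win + mz
            if mz_off + 64 > len(data):
                continue
            header = xor_bytes(data[mz_off:mz_off + 64], key)
            e_lfanew = struct.unpack_from("<I", header, 60)[0]
            sig_off = mz_off + e_lfanew
            if sig_off + 4 <= len(data) and \
                    xor_bytes(data[sig_off:sig_off + 4], key) == b"PE\x00\x00":
                hits.append((key, mz_off))
    return hits


# Constructed sample: a 64x8 bitmap whose pixel area carries the XORed blob
# at an arbitrary offset, surrounded by white pixels.
SAMPLE_KEY = 0x5A
SAMPLE_PIXELS = b"\xff" * 200 + xor_bytes(fake_pe(), SAMPLE_KEY) + b"\xff" * 100
SAMPLE_BMP = build_bmp(64, 8, SAMPLE_PIXELS)


def scan_sample() -> list:
    """Scan the constructed bitmap; expected hit is the key and the MZ offset
    (54-byte BMP headers + 200 bytes of padding = 254)."""
    return find_xor_pe(SAMPLE_BMP)


if __name__ == "__main__":
    for key, off in scan_sample():
        print(f"XOR key 0x{key:02x}: PE header at file offset {off}")
```

The scan is deliberately indifferent to the image format: it would miss a payload that is split across pixel low bits or encrypted with a multi-byte key, but it catches the common case of a whole XOR-encoded executable dropped into a file that otherwise looks benign, and the `e_lfanew` check keeps false positives from stray string matches to a minimum.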
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware
- New SteelFox malware hijacks Windows PCs using vulnerable driver
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
- Windows, macOS users targeted with crypto-and-info-stealing malware
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
- Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service