Hacking group hides backdoor malware inside Windows logo image
Security News, September 2022
Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide backdoor malware in a Windows logo image.
The group is also considered part of TA410, an operation previously linked to attacks against U.S. energy providers.
In the campaign discovered by Symantec, Witchetty is using steganography to hide an XOR-encrypted backdoor malware in an old Windows logo bitmap image.
The file is hosted on a trusted cloud service instead of the threat actor's command and control server, so the chances of raising security alarms while fetching it are minimized.
The attack begins with the threat actors gaining initial access to a network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains to drop webshells on vulnerable servers.
In this campaign, the hackers rely on exploiting last year's vulnerabilities to breach the target network, taking advantage of the poor administration of publicly exposed servers.