Security News > 2022 > October > Steganography alert: Backdoor spyware stashed in Microsoft logo

Internet snoops have been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East.

The Witchetty gang used steganography to stash backdoor Windows malware - dubbed Backdoor.

From what we can tell, Witchetty first compromises a network, getting into one or more systems, then downloads this image from, say, a repository on GitHub, unpacks the spyware within it, and runs it.

In April analysts at European cybersecurity shop ESET documented Witchetty - which they called LookingFrog at the time - as one of three subgroups within TA410, an espionage group with loose ties to the APT10 gang known for targeting enterprises in the US utility sector and diplomatic organizations in the Middle East and Africa.

To bring Stegmap into a network, a DLL loader is run that downloads the bitmap file of the Windows logo from a GitHub repository.

The Symantec researchers wrote that Witchetty launched an espionage campaign against two Middle Eastern governments and a stock exchange in Africa using Stegmap.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/02/witchetty_windows_logo_spyware/