Worok hackers hide new malware in PNGs using steganography (Security News, November 2022)
A threat group tracked as 'Worok' hides its payload inside PNG images, infecting victims' machines with information-stealing malware without raising alarms.
Avast's report is based on additional artifacts the company captured from Worok attacks; it confirms ESET's earlier assumptions about the nature of the PNG files and adds new information on the malware payloads and the data exfiltration method.
While the method used to breach networks remains unknown, Avast believes Worok likely uses DLL sideloading to load the CLRLoader malware loader into memory.
Hiding payload in PNGs
Steganography is the practice of concealing data, here the malware payload, inside a carrier file such as an image that still looks and renders normally when opened in an image viewer.
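As an added illustration (not Worok's code and not taken from the Avast or ESET reports), the Python below shows the common least-significant-bit scheme: each payload bit is written into the low bit of one colour-channel byte, the result is saved as a valid 8-bit RGB PNG that any viewer renders as an ordinary gradient, and the payload is recovered by re-reading the pixel data. The article does not state which encoding Worok's loader uses, so LSB is an assumption; the cover image, the payload bytes (SHA-256 output standing in for an encrypted stage) and the 4-byte length-prefixed framing are constructed for the demo. The minimal PNG writer/reader only handles filter type 0, which is all the demo needs. The last function is a crude detector: it packs the LSB plane into bytes and measures its entropy, which jumps when random-looking ciphertext has been written into a smooth cover.

```python
"""LSB steganography in a PNG: embed, extract, detect (added example, not Worok's code)."""
import hashlib
import math
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(tag: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(tag + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)


def png_write(width: int, height: int, rgb: bytes) -> bytes:
    """Serialise raw RGB bytes as an 8-bit truecolor PNG, filter type 0 on every row."""
    stride = width * 3
    raw = b"".join(b"\x00" + rgb[y * stride:(y + 1) * stride] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def png_read(data: bytes):
    """Parse a PNG of the form written above back into (width, height, rgb); chunk CRCs are checked."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", 0, 0
    while pos + 8 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(tag + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in chunk {tag!r}")
        if tag == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            if (depth, ctype) != (8, 2):
                raise ValueError("only 8-bit RGB is supported by this demo")
        elif tag == b"IDAT":
            idat += body
        elif tag == b"IEND":
            break
        pos += 12 + length
    raw, stride, rgb = zlib.decompress(idat), width * 3, bytearray()
    for y in range(height):
        row = raw[y * (stride + 1):(y + 1) * (stride + 1)]
        if row[0] != 0:
            raise ValueError("only filter type 0 is supported by this demo")
        rgb += row[1:]
    return width, height, bytes(rgb)


def lsb_embed(rgb: bytes, payload: bytes) -> bytes:
    """Write a 4-byte big-endian length prefix plus payload into the LSB of successive channel bytes."""
    frame = struct.pack(">I", len(payload)) + payload
    if len(frame) * 8 > len(rgb):
        raise ValueError("cover image too small for payload")
    out = bytearray(rgb)
    for i in range(len(frame) * 8):
        bit = (frame[i >> 3] >> (7 - (i & 7))) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def _read_lsb_bytes(rgb: bytes, offset: int, nbytes: int) -> bytes:
    out = bytearray()
    for b in range(nbytes):
        v = 0
        for k in range(8):
            v = (v << 1) | (rgb[offset + b * 8 + k] & 1)
        out.append(v)
    return bytes(out)


def lsb_extract(rgb: bytes) -> bytes:
    """Recover the payload; the length prefix is validated against the cover's capacity first."""
    (length,) = struct.unpack(">I", _read_lsb_bytes(rgb, 0, 4))
    if 32 + length * 8 > len(rgb):
        raise ValueError("length prefix exceeds cover capacity")
    return _read_lsb_bytes(rgb, 32, length)


def lsb_plane_entropy(rgb: bytes) -> float:
    """Shannon entropy (bits per byte) of the LSB plane packed 8 bits per byte.
    A smooth or posterised cover scores near 0; embedded ciphertext pushes it up."""
    packed = _read_lsb_bytes(rgb, 0, len(rgb) // 8)
    counts = [0] * 256
    for v in packed:
        counts[v] += 1
    n = len(packed)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def make_cover(width: int = 64, height: int = 64) -> bytes:
    """Constructed cover: a gradient whose channel values are all even, so its LSB plane is zero."""
    px = bytearray()
    for y in range(height):
        for x in range(width):
            px += bytes(((x * 4) & 0xFE, (y * 4) & 0xFE, ((x + y) * 2) & 0xFE))
    return bytes(px)


def demo_payload(n: int = 256) -> bytes:
    """Constructed stand-in for an encrypted stage: deterministic but random-looking bytes."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def round_trip() -> dict:
    """Embed, write PNG, parse PNG, extract; also report the detector's score before and after."""
    cover, payload = make_cover(), demo_payload()
    stego_png = png_write(64, 64, lsb_embed(cover, payload))
    _, _, rgb = png_read(stego_png)
    return {"payload": payload, "recovered": lsb_extract(rgb),
            "entropy_before": lsb_plane_entropy(cover),
            "entropy_after": lsb_plane_entropy(rgb)}
```

The entropy check is deliberately simple and is a weak indicator on its own: real photographs already have noisy LSB planes, so it mainly separates synthetic or posterised covers from stego versions. In practice a hunt for this tradecraft pivots on the loader, such as DLL sideloading into a signed host process, and on the network behaviour described below, rather than on the images alone.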
The 'DropBoxControl' malware uses an actor-controlled Dropbox account as its command-and-control channel: it fetches commands from the account and uploads files and collected data from the compromised machine to it.
The commands are stored in encrypted files in the threat actor's Dropbox account, which the malware polls periodically to retrieve pending actions.