Security News > 2022 > November > Worok hackers hide new malware in PNGs using steganography

Worok hackers hide new malware in PNGs using steganography
2022-11-10 19:17

A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms.

Avast's report is based on additional artifacts the company captured from Worok attacks, confirming ESET's assumptions about the nature of the PNG files and adding new information on the type of malware payloads and the data exfiltration method.

While the method used to breach networks remains unknown, Avast believes Worok likely uses DLL sideloading to execute the CLRLoader malware loader into memory.

Hiding payload in PNGs. Steganography is concealing code inside image files that appear normal when opened in an image viewer.

The 'DropBoxControl' malware uses an actor-controlled DropBox account to receive data and commands or upload files from the compromised machine.

The commands are stored in encrypted files on the threat actor's DropBox repository that the malware accesses periodically to retrieve pending actions.


News URL

https://www.bleepingcomputer.com/news/security/worok-hackers-hide-new-malware-in-pngs-using-steganography/