Worok hackers hide new malware in PNGs using steganography (Security News, November 2022)
A threat group tracked as 'Worok' hides malware inside PNG images to infect victims' machines with an information stealer without raising alarms.
Avast's report is based on additional artifacts the company captured from Worok attacks, confirming ESET's assumptions about the nature of the PNG files and adding new information on the type of malware payloads and the data exfiltration method.
While the method used to breach networks remains unknown, Avast believes Worok likely uses DLL sideloading to load the CLRLoader malware loader into memory.
Hiding payloads in PNGs
Steganography is the practice of concealing code inside image files that still appear normal when opened in an image viewer.
The 'DropBoxControl' malware uses an actor-controlled Dropbox account to receive data and commands, or to upload files from the compromised machine.
The commands are stored in encrypted files on the threat actor's Dropbox repository, which the malware accesses periodically to retrieve pending actions.
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- Unpatched Mazda Connect bugs let hackers install persistent malware
- North Korean Hackers Target macOS Using Flutter-Embedded Malware
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
- Chinese hackers target Linux with new WolfsBane malware
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn