Security News > 2022 > November > Worok hackers hide new malware in PNGs using steganography
A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms.
Avast's report is based on additional artifacts the company captured from Worok attacks, confirming ESET's assumptions about the nature of the PNG files and adding new information on the type of malware payloads and the data exfiltration method.
While the method used to breach networks remains unknown, Avast believes Worok likely uses DLL sideloading to execute the CLRLoader malware loader into memory.
Hiding payload in PNGs. Steganography is concealing code inside image files that appear normal when opened in an image viewer.
The 'DropBoxControl' malware uses an actor-controlled DropBox account to receive data and commands or upload files from the compromised machine.
The commands are stored in encrypted files on the threat actor's DropBox repository that the malware accesses periodically to retrieve pending actions.
News URL
Related news
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)