HomeTechnologyMore malware is hidden in PNG images, so beware

Technology

More malware is hidden in PNG images, so beware

2 minute read

Researchers have found evidence of new threats using PNG files to deliver malicious payloads.

ESET and Avast have confirmed seeing a threat actor by the name of Worok using this method since early September 2022.

Apparently, Worok has been busy targeting high-profile victims, such as government organizations, throughout the Middle East, Southeast Asia and South Africa.

multi-stage attack

The attack is a multi-stage process, in which the attackers use a DLL sideloader to execute the CLRLoader malware which in turn loads the PNGLoader DLL, which is capable of reading obfuscated code hidden in PNG files.

This code translates to DropBoxControl, a .NET C# infostealer that misuses Dropbox file hosting to communicate and steal data. This malware appears to support several commands, including running cmd /c, launching an executable, downloading and loading data to and from Dropbox, deleting data from target endpoints, setting new directories (for additional backdoor payloads), and extracting system information .

Because of its range of tools, researchers believe that Worok is the work of a quietly operating cyber-espionage group, likes to move sideways across targeted networks, stealing sensitive data. It also appears to be using its own tools, as researchers have not noticed its use by anyone else.

Worok uses Least Significant Bit (LSB) Encoding, embedding small bits of malicious code into the least significant portions of the pixels in an image, it has been said.

Steganography appears to be gaining popularity as a cybercrime tactic. In twenty similar researchers from Check Point Research (CPR), they recently found a malicious package on SerpentAn image-based PyPI repository that uses an image to deliver a Trojan Malware (Opens in a new tab) It’s called apicolor, and is largely used by GitHub as a distribution method.

The seemingly benign package downloads an image from the web, installs additional tools that process the image, and then runs the output generated by the processing with the exec command.

One of these two requirements is the judyb code, which is a steganographic module capable of revealing hidden messages inside images. This led the researchers to revert to the original image, which turned out to be downloading malicious packages from the web to the victim End point (Opens in a new tab).

Across: Computer (Opens in a new tab)

When AI can make art – what does that mean for creativity? | Artificial Intelligence (AI)

WChicken concept artist and painter RJ Palmer He witnessed for the first time

You’re right – a lot of work emails are just spam

A large percentage of your business Email messages It may not be useful in any

The Latest

IT Industry Can’t Run Without VPN: Chairman PTA
A meeting of the Senate Standing Committee on IT and Telecom was held under the

November 18, 2024
2 minute read
The Council of Islamic Ideology declared the use of VPN illegal
Allama Raghib Naimi, Chairman of the Council of Islamic Ideology, said in this

November 15, 2024
1 minute read
World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’
Punjab Information Technology Board (PITB) Chairman Faisal Yousaf was presented

August 27, 2024
1 minute read
Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies
Pakistan’s burgeoning Information Technology (IT) sector is facing an

August 18, 2024
2 minute read

Weekly Must-ReadsView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

Popular Topics

Trending NowView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

More malware is hidden in PNG images, so beware

Leave a Reply Cancel reply

When AI can make art – what does that mean for creativity? | Artificial Intelligence (AI)

You’re right – a lot of work emails are just spam

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

How to watch Meta Connect 2022 and see the “Quest Pro” headset appear live

Graffiti marks take architectural form in Marcus Byrne’s Artificial Intelligence series

Apple Watch 9: What we want to see

Your CIO may now wield more power than ever before

Weekly Must-ReadsView All

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

More malware is hidden in PNG images, so beware

Leave a Reply Cancel reply

When AI can make art – what does that mean for creativity? | Artificial Intelligence (AI)

You’re right – a lot of work emails are just spam

IT Industry Can’t Run Without VPN: Chairman PTA

The Council of Islamic Ideology declared the use of VPN illegal

World Bank Consultant Presents Chairman PITB With His Book ‘Technology in Policing’

Pakistan IT Industry at Risk: Firewall Causing Mass Exodus of Companies

You May Also Like

How to watch Meta Connect 2022 and see the “Quest Pro” headset appear live

Graffiti marks take architectural form in Marcus Byrne’s Artificial Intelligence series

Apple Watch 9: What we want to see

Your CIO may now wield more power than ever before