
Malware Hidden in Windows' Logo, Threat Actors Attack Middle East Govt

(Image Credit Google)
A threat actor focused on espionage has been hiding malware inside the Windows logo in attacks against Middle Eastern countries. Broadcom's Symantec Threat Hunter Team attributed the improved tooling to Witchetty, also known as LookingFrog, a subgroup operating under the TA410 banner. TA410 intrusions typically use the modular implant LookBack, and the group is believed to have ties to the Chinese threat group APT10 (also known as Cicada, Stone Panda, or TA429).

Symantec's most recent investigation, covering attacks between February and September 2022, highlights the use of a brand-new backdoor called Stegmap. During that period the gang attacked the governments of two Middle Eastern nations and the stock exchange of an African country. The new malware uses steganography, a technique for hiding a message (in this case, malicious code) inside an innocuous-looking file, to extract its payload from a bitmap image of an older version of the Microsoft Windows logo.

"Disguising the payload in this fashion allowed the attackers to host it on a free, trusted service," the researchers said. "Downloads from trusted hosts such as GitHub are far less likely to raise red flags than downloads from an attacker-controlled command-and-control (C&C) server."

Like many backdoors, Stegmap includes a wide range of features that enable it to perform file manipulation operations, download and run executables, stop processes, and alter the Windows Registry.

According to a timeline of an attack on a Middle Eastern government institution, Witchetty maintained remote access for up to six months and carried out a variety of post-exploitation activities up until September 1, 2022.

"Witchetty has demonstrated the ability to continually refine and refresh its toolset in order to compromise targets of interest," the researchers said. "Exploitation of vulnerabilities on public-facing servers provides it with a route into organizations, while custom tools paired with adept use of living-off-the-land tactics allow it to maintain a long-term, persistent presence in targeted organizations."
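The article's point for defenders is that a bitmap fetched from a trusted host is not automatically benign, so an image that arrives in a suspicious context is worth a structural triage before anything else. The following is an added example written for this page, not code from Symantec or from the Stegmap analysis, and it makes no claim about how Stegmap actually encodes its payload. It parses the BMP headers itself and reports the places a carrier file commonly hides bytes: a declared file size that disagrees with the real size, data appended after the pixel array, a gap between the headers and the pixel array, and a least-significant-bit plane that looks random for a flat-colour logo. The `build_bmp` helper only constructs a small sample image so the checks can run offline; the `findings` strings, thresholds and function names are this example's own.

```python
"""Structural triage of a BMP that may be acting as a carrier file (added example)."""
import math
import struct

BMP_FILE_HEADER = 14     # "BM" + file size + 2 reserved + pixel-array offset
BITMAPINFOHEADER = 40    # the common 40-byte DIB header


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for packed/encrypted data, ~0 for padding."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def bit_entropy(bits: bytes) -> float:
    """Entropy of a stream of 0/1 values; 1.0 means the bits are balanced like noise."""
    if not bits:
        return 0.0
    p = sum(bits) / len(bits)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def build_bmp(width: int, height: int, pixels: bytes = b"") -> bytes:
    """Construct a minimal 24-bit BMP (constructed sample data, not a real image)."""
    row_bytes = (width * 3 + 3) & ~3            # rows are padded to 4-byte boundaries
    pixel_size = row_bytes * height
    body = pixels or bytes(pixel_size)           # default: all-black pixels
    if len(body) != pixel_size:
        raise ValueError("pixel buffer does not match the declared geometry")
    offset = BMP_FILE_HEADER + BITMAPINFOHEADER
    file_header = b"BM" + struct.pack("<IHHI", offset + pixel_size, 0, 0, offset)
    dib = struct.pack("<IiiHHIIiiII", BITMAPINFOHEADER, width, height, 1, 24, 0,
                      pixel_size, 2835, 2835, 0, 0)
    return file_header + dib + body


def inspect_bmp(data: bytes) -> dict:
    """Parse the headers and report where extra bytes could be hiding."""
    if len(data) < BMP_FILE_HEADER + BITMAPINFOHEADER or data[:2] != b"BM":
        raise ValueError("not a BMP")
    declared_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    dib_size, width, height, _planes, bpp, _compression, _image_size = \
        struct.unpack_from("<IiiHHII", data, BMP_FILE_HEADER)

    row_bytes = ((width * bpp + 31) // 32) * 4   # stride implied by the geometry
    pixel_end = pixel_offset + row_bytes * abs(height)
    pixels = data[pixel_offset:pixel_end]
    trailing = data[pixel_end:]
    header_gap = pixel_offset - (BMP_FILE_HEADER + dib_size)

    report = {
        "declared_size": declared_size,
        "actual_size": len(data),
        "header_gap": header_gap,
        "trailing_bytes": len(trailing),
        "trailing_entropy": shannon_entropy(trailing),
        "lsb_entropy": bit_entropy(bytes(b & 1 for b in pixels)),
        "findings": [],
    }
    if declared_size != len(data):
        report["findings"].append("declared file size disagrees with actual size")
    if trailing:
        report["findings"].append(f"{len(trailing)} bytes after the pixel data")
        if report["trailing_entropy"] > 7.0:
            report["findings"].append("trailing data looks packed or encrypted")
    if bpp > 8 and header_gap > 0:                # no palette expected above 8 bpp
        report["findings"].append(f"{header_gap}-byte gap before the pixel data")
    if len(pixels) >= 32 and report["lsb_entropy"] > 0.95:
        report["findings"].append("LSB plane is near-random for a flat image")
    return report


if __name__ == "__main__":
    clean = build_bmp(4, 4)
    print(inspect_bmp(clean)["findings"])                      # []
    print(inspect_bmp(clean + bytes(range(256)) * 2)["findings"])
```

The checks are heuristics for triage, not a verdict: a carrier that embeds its payload entirely within the pixel values of a photograph will pass all of them, because natural images already have a noisy LSB plane. The stronger signal remains behavioural, for example a process that downloads a bitmap and then loads executable code rather than displaying an image, which is the pattern the researchers describe.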

By Raulf Hernes
