PNG images contain more malware hidden inside, so be cautious

More malware is being concealed in PNG images, so be cautious.

Researchers have found evidence of new threat actors delivering malicious payloads via PNG files.

ESET and Avast have both confirmed that a threat actor known as Worok has been using this method as of early September 2022. Worok appears to have been active in targeting high-profile victims, like government organisations, in the Middle East, Southeast Asia, and South Africa.

Attack in multiple stages

The attack is a multi-stage process: the threat actors use DLL sideloading to execute the CLRLoader malware, which then loads the PNGLoader DLL, which can read obfuscated code hidden in PNG files.

DropBoxControl is a C# infostealer that takes advantage of Dropbox for communication and data theft. Worok is thought to be the work of a cyberespionage group that works silently, moves laterally across target networks, and steals sensitive data. Worok appears to use its own, proprietary tools, as no one else has been observed using them.

Worok employs “least significant bit (LSB) encoding,” which embeds tiny pieces of malicious code in the least significant bits of the image's pixels. Check Point researchers recently discovered a Trojan that seems to use an image to deliver apicolor Trojan malware.
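To make the LSB idea concrete for anyone inspecting suspicious images, here is an added Python example (not taken from ESET, Avast or the original article) that reads bytes back out of the lowest bit of each colour-channel byte and scores a buffer with the standard pair-of-values chi-square check from steganalysis, a technique the article does not mention. It assumes one hidden bit per channel byte, MSB-first packing, and already-decoded pixel bytes; the buffers and the `MARKER` value are constructed test data, not real samples.

```python
import random

MARKER = b"CONSTRUCTED-SAMPLE"  # constructed value, not a real indicator

def extract_lsb(channels: bytes, nbytes: int) -> bytes:
    """Rebuild nbytes from the lowest bit of successive channel bytes (MSB first, assumed)."""
    out = bytearray()
    for i in range(nbytes):
        value = 0
        for c in channels[8 * i:8 * i + 8]:
            value = (value << 1) | (c & 1)
        out.append(value)
    return bytes(out)

def pair_chi_square(channels: bytes) -> float:
    """Mean chi-square term over histogram pairs (2k, 2k+1).

    Overwriting LSBs with dense data evens out each pair, pushing the score
    toward about 0.5; smooth untouched data keeps uneven pairs and scores higher.
    """
    hist = [0] * 256
    for c in channels:
        hist[c] += 1
    total, pairs = 0.0, 0
    for k in range(0, 256, 2):
        n = hist[k] + hist[k + 1]
        if n >= 10:  # skip sparsely populated pairs
            expected = n / 2
            total += (hist[k] - expected) ** 2 / expected
            pairs += 1
    return total / pairs if pairs else 0.0

def make_samples(seed: int = 1):
    """Constructed data: a smooth channel buffer and a copy with every LSB replaced."""
    rng = random.Random(seed)
    clean = bytes(min(255, max(0, int(rng.gauss(128, 6)))) for _ in range(60000))
    filler = bytes(rng.getrandbits(8) for _ in range(len(clean) // 8 - len(MARKER)))
    bits = [(b >> (7 - j)) & 1 for b in MARKER + filler for j in range(8)]
    stego = bytes((c & 0xFE) | bit for c, bit in zip(clean, bits))
    return clean, stego

if __name__ == "__main__":
    clean, stego = make_samples()
    print("largest per-channel change:", max(abs(a - b) for a, b in zip(clean, stego)))
    print("recovered from LSBs:", extract_lsb(stego, len(MARKER)))
    print("pair score, clean: %.2f  modified: %.2f" % (pair_chi_square(clean), pair_chi_square(stego)))
```

The pair score separates the two buffers this cleanly only because the whole LSB plane was overwritten; a payload that fills a small fraction of the image dilutes it, so score leading windows of the pixel data as well as the full buffer.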

GadgetAny
By Raulf Hernes
