Hackers hide malware in Microsoft’s Windows logo | iThome
Home » Technology » Hackers hide malware in Microsoft’s Windows logo | iThome

Hackers hide malware in Microsoft’s Windows logo | iThome

by

alreadyIncorporated into BroadcomThe Symantec Threat Hunter teamnotice last weekThe hacker group Witchetty (also known as LookingFrog) recently launched an attack on the Middle East and Africa, using rare stealth imaging technology (steganography) to implant a backdoor Trojan in the Windows brand.

Witchetty is a spy-type hacker organization. It was discovered in April of this year by another information security company, ESET, and believed to be one of the members of the spy hacker TA410, itself associated with the Chinese hacker group APT10. The main feature of Witchetty is to use the X4 backdoor program in the first phase and load the second LookBack backdoor in the second phase, and specifically infiltrate government organizations, diplomatic missions, charities and industrial organizations.

According to the Threat Hunter team’s investigation, from February to September of this year, Witchetty targeted governments of two Middle Eastern countries and an African country’s stock exchange center for attacks, exploiting ProxyShell vulnerabilities and ProxyLogon on Microsoft Exchange Server. To install the Web Shell on the external network server.

In this wave of attacks, in addition to existing tools, Witchetty has also adopted a new tool, Backdoor.Stegmap, which can use image encryption technology to extract payloads from bitmap (BMP) images. Hiding in a seemingly harmless bitmap can fool victims, one of whom was exploited by hackers using an old version of Microsoft’s Windows logo (below).

Image credit / Broadcom

Embedding malicious payloads into very secure-looking image files would allow hackers to place them on various reliable and free services like GitHub, rather than a hacker-controlled C&C server. On the device, the former is more difficult to detect.

Furthermore, the malicious payload embedded in the BMP file by the hacker is a fully functional backdoor program, which can create / remove directories, copy / move / delete files and enable / disable programs.The final host downloads and executes files, reads / creates / delete access codes or steal files, etc.

The Threat Hunter team released network intrusion indicators of related attacks for external reference.

Related posts:

Nintendo Direct: Check out the main event trailers!
Bulog Inspects the Origin of the FMD Outbreak, Sourced from Indian Meat Imports?
Get acquainted with the new Samsung Galaxy S22/ S22+, what are the specifications, advantages, and p...
Hri zu, a new patch made Gran Turisma a different game, not bought
“Collect together in the zodiac, the sheep and the mouse” What is today’s horoscope for zodiac? ‘October 4th’

“Collect together in the zodiac, the sheep and the mouse” What is today’s horoscope for zodiac? ‘October 4th’

A new breakdown leaves dozens of houses in Monforte without water

A new breakdown leaves dozens of houses in Monforte without water

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.