
Malware found hiding in a Windows logo

2022-10-03 16:44

 

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.

Although not new, this is a rare technique where malware is hidden inside an image. The trojan can perform various functions, including removing and creating directories, manipulating files, launching/terminating processes, running/downloading executables, enumerating and killing processes, and stealing documents. It can also create, read, and delete registry keys.

The image used by the Witchetty espionage group is a bitmap of an old Windows logo, and the malicious code it carries is a backdoor Trojan (Backdoor.Stegmap) capable of executing a range of system commands. By disguising the malicious payload as an image, it's possible to hide it in plain sight on a free and trusted service while avoiding detection as a security threat. In this case, Witchetty hosted the bitmap on GitHub.

Symantec says Witchetty's latest toolset, including this steganography technique, has already been used against two government agencies in the Middle East and a stock exchange in Africa. The group is viewed by Symantec as a capable threat actor that has "demonstrated the ability to continually refine and refresh its toolset in order to compromise targets of interest."
