Here’s how hackers are using simple PNG images to hack into your PC

Avast cybersecurity researchers have uncovered a large espionage operation that relies on steganography. Worok's operators hide their malicious code inside images in order to steal information from their targets.

According to the experts, Worok uses an extremely sophisticated spying tool designed to exfiltrate information from the target's computer by way of a PNG file: its code is hidden inside an otherwise ordinary-looking image. The malware first appeared on ESET's radar in September 2022, when the Stegmap tool was found hiding in a Windows logo to infect victims' computers.


The new campaign of attacks led by Worok unfolds in several phases, which helps it pass unnoticed. Avast was unable to determine exactly which tools are used, nor how the malware manages to infiltrate the victims' network. What the researchers understand somewhat better is how the malware operates once it is in place. After gaining access to the targeted computer, the malware downloads a first component, CLRLoader, which masquerades as a Windows DLL (Dynamic Link Library).

The malware hidden in an image launches a script on computers running Windows

This component then downloads another library, PNGLoader, which extracts some of the code hidden in the PNG file and assembles it into an executable. That executable in turn launches a PowerShell script and a backdoor that receives its instructions from a remote Dropbox account.
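The article does not say how the code is embedded in the PNG (pixel values or extra chunks), so a defender's first, cheap triage step is to check whether an image is even a well-formed PNG container. The following is an added example, not code from the article, Avast or ESET: it walks the chunk list of a PNG, verifies each CRC, and flags trailing bytes after IEND, chunk types not defined by the PNG specification, and oversized text chunks. The sample image is constructed in the script itself. This catches payloads appended to or tucked into the container; it would not catch data encoded in the pixel values themselves, which needs a separate statistical check.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification (critical plus common ancillary).
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME",
}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as the clean sample (not a real file)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grey
    raw_scanline = b"\x00\x80"  # filter byte 0 followed by one grey pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw_scanline))
            + _chunk(b"IEND", b""))


def parse_chunks(data: bytes):
    """Walk the chunk list; return (chunks, offset just after IEND).
    Each chunk is (type, length, crc_ok). Stops at IEND or when data runs out."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_bytes) < 4:
            chunks.append((ctype, length, False))  # truncated chunk
            return chunks, len(data)
        expected = zlib.crc32(ctype + body) & 0xFFFFFFFF
        crc_ok = struct.unpack(">I", crc_bytes)[0] == expected
        chunks.append((ctype, length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, pos


def scan_png(data: bytes, text_limit: int = 4096) -> list:
    """Return human-readable findings; an empty list means the container looks normal."""
    findings = []
    chunks, end = parse_chunks(data)
    types = [c[0] for c in chunks]
    if b"IEND" not in types:
        findings.append("no IEND chunk (truncated or malformed file)")
    elif end < len(data):
        # Anything after IEND is ignored by image viewers but is a classic place to stash data.
        findings.append(f"{len(data) - end} trailing bytes after IEND")
    for ctype, length, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if not crc_ok:
            findings.append(f"CRC mismatch in {name} chunk")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"non-standard chunk type {ctype!r} ({length} bytes)")
        if ctype in (b"tEXt", b"zTXt", b"iTXt") and length > text_limit:
            findings.append(f"oversized text chunk {name} ({length} bytes)")
    return findings


if __name__ == "__main__":
    clean = make_minimal_png()
    print("clean:", scan_png(clean))
    print("appended:", scan_png(clean + b"PAYLOAD" * 10))
```

Run it over a directory of images with `scan_png(open(path, "rb").read())`; a clean file yields an empty list, and anything else is a reason to look closer with a full steganalysis tool.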


As we can see, the process is extremely complex, so much so that, in the experts' opinion, this campaign is an operation sponsored by a government or state entity. At first glance, Worok's targets are senior officials in countries in the Middle East, South Africa and South East Asia. Ordinary users can, in principle, keep using their computers as before. We still recommend being wary of attachments from unverified sources.

Source: Bleeping Computer
