WinCert

Malware hidden in PNG images

ESET and Avast security researchers have published evidence of a threat actor delivering malicious code inside PNG image files. Both companies attribute the technique to a group tracked as "Worok", which ESET first documented in early September 2022.

According to the report, Worok has been targeting high-profile victims, including government organizations in the Middle East, Southeast Asia and South Africa.

The attack is a multi-stage process. The attacker first runs the CLRLoader malware, which loads the PNGLoader DLL. PNGLoader reads obfuscated code hidden in the pixel data of PNG files and hands it to the final-stage backdoor. That backdoor supports numerous commands, including launching an executable, downloading and uploading data to and from Dropbox (which also serves as its command-and-control channel), running cmd /c, deleting files, and creating new directories for further backdoor payloads.

The pattern is that a seemingly benign component downloads an ordinary-looking PNG from the web, installs the extra tooling that processes the picture, and then executes the output of that processing. The image itself opens and displays normally, so it passes a visual check.

Researchers assess that the malware is likely the work of a cyberespionage group working quietly inside target networks and stealing sensitive data.
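As an added example (not code from this article or from the Worok toolset), the following Python shows the mechanism the article describes: a payload written into the least-significant bits of a PNG's pixel data, a loader-style extractor that reads it back out of a real PNG container, and two checks a responder would want to run. The framing (32-bit length prefix, one payload bit per channel byte, MSB-first), the minimal PNG encoder/decoder and the constructed gradient cover image are all assumptions of this example; the article does not describe PNGLoader's exact encoding.

```python
"""LSB steganography in PNG pixel data, of the kind the article describes,
plus the checks a responder would run. Example code added to the article,
not Worok's CLRLoader/PNGLoader. Assumed framing (not from the article):
8-bit RGB cover, payload bits written MSB-first into the least-significant
bit of consecutive channel bytes, preceded by a 32-bit big-endian length."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(tag: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, tag, data, CRC32 over tag+data."""
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))


def write_png(width: int, height: int, rgb: bytes) -> bytes:
    """Minimal PNG encoder: 8-bit RGB, non-interlaced, filter type 0 on every row."""
    assert len(rgb) == width * height * 3
    rows = (b"\x00" + rgb[y * width * 3:(y + 1) * width * 3] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"".join(rows))) + _chunk(b"IEND", b"")


def read_png(data: bytes):
    """Minimal decoder for images from write_png (8-bit RGB, filter 0 only).
    Real-world PNGs use other filters and colour types; use a full decoder for those."""
    assert data[:8] == PNG_SIG, "not a PNG"
    pos, idat, width, height = 8, b"", None, None
    while pos < len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        tag, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        assert crc == zlib.crc32(tag + body), "bad chunk CRC"
        if tag == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            assert (depth, ctype) == (8, 2), "only 8-bit RGB supported"
        elif tag == b"IDAT":
            idat += body
        pos += 12 + length
    raw, stride = zlib.decompress(idat), width * 3 + 1
    rows = [raw[i * stride:(i + 1) * stride] for i in range(height)]
    assert all(r[0] == 0 for r in rows), "only filter type 0 supported"
    return width, height, b"".join(r[1:] for r in rows)


def embed(rgb: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of consecutive channel bytes with the length-prefixed payload."""
    framed = struct.pack(">I", len(payload)) + payload
    bits = [(b >> (7 - i)) & 1 for b in framed for i in range(8)]
    if len(bits) > len(rgb):
        raise ValueError("cover image too small for payload")
    out = bytearray(rgb)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # each channel value moves by at most 1
    return bytes(out)


def _read_lsb_bytes(rgb: bytes, start: int, nbytes: int) -> bytes:
    out = bytearray()
    for j in range(nbytes):
        v = 0
        for k in range(8):
            v = (v << 1) | (rgb[start + j * 8 + k] & 1)
        out.append(v)
    return bytes(out)


def extract(rgb: bytes) -> bytes:
    """What a loader does: read the length prefix, then that many bytes, from the LSB plane."""
    n = struct.unpack(">I", _read_lsb_bytes(rgb, 0, 4))[0]
    if 32 + n * 8 > len(rgb):
        raise ValueError("length prefix exceeds image size; not a valid stego image")
    return _read_lsb_bytes(rgb, 32, n)


def lsb_ones_ratio(rgb: bytes, start: int, stop: int) -> float:
    """Fraction of set LSBs in a byte range; an embedded payload pushes it towards ~0.5."""
    span = rgb[start:stop]
    return sum(b & 1 for b in span) / len(span)


def demo(payload: bytes = b"cmd /c whoami"):
    """Round-trip a payload through a constructed cover image and a real PNG container."""
    width = height = 64
    # Constructed cover: a smooth gradient whose channel values are all even (every LSB is 0).
    cover = bytes((x + y) & 0xFE for y in range(height) for x in range(width) for _ in range(3))
    stego = embed(cover, payload)
    w, h, pixels = read_png(write_png(width, height, stego))
    head = 32 + len(payload) * 8  # channel bytes that carry payload bits
    return {
        "recovered": extract(pixels),
        "png_ok": (w, h) == (width, height),
        "max_delta": max(abs(a - b) for a, b in zip(cover, stego)),
        "head_ratio": lsb_ones_ratio(stego, 0, head),
        "tail_ratio": lsb_ones_ratio(stego, head, len(stego)),
    }


if __name__ == "__main__":
    print(demo())
```

The round trip shows why image-level detection is weak: the stego file is a valid PNG and no channel value moves by more than 1, so it renders normally. The LSB ones-ratio check only flags it here because the constructed cover has a clean LSB plane; on a real photograph the LSB plane is already noisy, so a practitioner should key detection on the loader's behaviour (a DLL that reads pixel data and then executes the bytes it produces, and the outbound Dropbox traffic) rather than on the image itself.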
