Witchetty Hacker group hides backdoor malware in Windows logo
![](https://researchsnipers.com/wp-content/uploads/2022/10/Witchetty-Hacker-group-hides-backdoor-malware-in-Windows-logo-1024x576.jpg)
Security researchers have uncovered a new technique used by a hacker group called “Witchetty” to plant backdoor malware on victims' PCs: the payload is concealed, by steganography combined with XOR encryption, inside an image of an old Windows logo. The online magazine Bleeping Computer reports this.
The new threat was documented by security specialists at Symantec. In the campaign Symantec discovered, the attackers exploit vulnerabilities disclosed over the past year to break into the target network, taking advantage of poorly maintained public-facing servers.
Well Disguised
The toolkit, which is used against several different vulnerabilities, relies on steganography to hide its malicious payload from antivirus software. Steganography is the concealment of data inside other, non-secret, public information or files, such as images, in order to avoid detection. This lets an attacker produce a working image file that displays correctly on the computer but also carries malicious code.
Backdoor malware hidden in the Windows logo
This is exactly what the Witchetty group did: it hid an XOR-encrypted backdoor inside an old Windows logo bitmap image. The file is hosted on a trusted cloud service, so retrieving it raises no security alarm. “By cloaking the payload in this way, the attackers could also host it on a free, trusted service,” explains Symantec in its report: “Downloads from trusted hosts like GitHub raise far fewer alarms than downloads from an attacker-controlled Command and Control (C&C) server.”
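The following is an added example, not code from the article or from Symantec's report, showing in Python how an XOR-encrypted blob can ride inside a bitmap that still displays normally, and the check a defender can run to spot it. The embedding method here is an assumption: the payload is simply appended after the pixel data, which viewers ignore because they read the image by the header's declared offset and dimensions; the report does not say which embedding method Witchetty used. The bitmap, the XOR key and the placeholder "payload" are all constructed inline so the script runs offline.

```python
import struct

# Minimal 24-bit, uncompressed (BI_RGB) BMP: 14-byte file header + 40-byte BITMAPINFOHEADER.
DATA_OFFSET = 14 + 40


def build_bmp(width, height, rgb=(0, 120, 215)):
    """Construct a solid-colour 24-bit BMP (constructed test image, not the real logo)."""
    row_bytes = (width * 3 + 3) & ~3            # rows are padded to 4-byte boundaries
    pixel_bytes = row_bytes * height
    file_size = DATA_OFFSET + pixel_bytes
    file_header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, DATA_OFFSET)
    info_header = struct.pack("<IiiHHIIiiII",
                              40, width, height, 1, 24, 0, pixel_bytes, 2835, 2835, 0, 0)
    row = bytes(rgb[::-1]) * width + b"\x00" * (row_bytes - width * 3)   # BMP stores BGR
    return file_header + info_header + row * height


def xor(data, key):
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def embed_payload(bmp, payload, key):
    """Attacker side (assumed method): append the XOR-encrypted payload after the pixel data.
    The headers are left untouched, so image viewers still render the file correctly."""
    return bmp + xor(payload, key)


def trailing_data(blob):
    """Defender side: return any bytes beyond the size implied by the bitmap's own
    dimensions (b'' for a clean file). The size is recomputed from width/height/bpp
    rather than trusted from the bfSize field, which an attacker can simply patch."""
    if blob[:2] != b"BM" or len(blob) < DATA_OFFSET:
        raise ValueError("not a BMP")
    data_offset = struct.unpack_from("<I", blob, 10)[0]
    width, height, _planes, bpp, compression = struct.unpack_from("<iiHHI", blob, 18)
    if compression != 0:
        raise ValueError("only uncompressed (BI_RGB) bitmaps are handled here")
    row_bytes = (width * bpp // 8 + 3) & ~3
    expected = data_offset + row_bytes * abs(height)   # height may be negative (top-down)
    return blob[expected:]


def recover_payload(blob, key):
    """What a loader would do: cut the trailer off the image and XOR it back."""
    return xor(trailing_data(blob), key)


if __name__ == "__main__":
    key = b"\x5a\xa5"                      # constructed key, not the real one
    payload = b"placeholder-backdoor-bytes"   # constructed stand-in for the real payload
    clean = build_bmp(16, 8)
    stego = embed_payload(clean, payload, key)
    print("clean trailer bytes :", len(trailing_data(clean)))
    print("stego trailer bytes :", len(trailing_data(stego)))
    print("recovered payload   :", recover_payload(stego, key))
```

A file whose length exceeds what its headers account for is not proof of malice (some tools append metadata), but it is a cheap triage signal for images fetched at runtime by a process that has no business downloading pictures, and the trailer is where to start looking for a short repeating XOR key.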
The attack begins with the attackers gaining access to a network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains. Once inside, further malware can be smuggled in. Witchetty is believed to have close ties to the state-backed Chinese threat actor APT10. The group has also been linked to attacks on US utility companies. According to Symantec, the hackers are currently targeting government institutions in particular.