Technology

Witchetty Hacker group hides backdoor malware in Windows logo

Security researchers have discovered a new trick used by a hacker group called “Witchetty” to plant spyware on PC users. An image encryption process and an image of a Windows logo are used. That reports that Online magazine Bleeping Computer.

The new threat was reported by the security specialists at Symantec. In the campaign discovered by Symantec, the hackers exploit vulnerabilities discovered over the past year to break into the target network, taking advantage of the poor management of the public-facing servers. Infographic cyber attacks from the east: hackers target German companies

Well Disguised

The toolkit used to target various vulnerabilities uses steganography to hide its malicious payload from antivirus software. Steganography is the hiding of data in other, non-secret, public information or computer files, such as B. pictures to avoid detection. This allows a hacker to create a working image file that displays correctly on the computer, but also contains malicious code.

Malicious malware is hidden in the Windows logo

This is exactly the case with the attacks of the Witchetty group. They hid an XOR-encrypted backdoor malware in an old Windows logo bitmap image. The file is hosted on a trusted cloud service, so there will be no security alarm when retrieving the file. “By cloaking the payload in this way, the attackers could also host it on a free, trusted service,” explains Symantec in its report: “Downloads from trusted hosts like GitHub raise far fewer alarms than downloads from an attacker-controlled Command and Control (C&C) server.”

The attack begins with the attackers first gaining access to a network by exploiting the Microsoft Exchange ProxyShell and ProxyLogon attack chains. Once access is gained, further malware can be smuggled in. Witchetty is believed to have close ties to state-backed Chinese threat actor APT10. The group has also been linked to attacks on US utility companies. According to Symantec, hackers are currently targeting government institutions in particular.

Share
Published by
Yasir Zeb

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

7 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

7 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

13 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

13 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

13 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

13 hours ago