NOVEMBER 15, 2022
A recently discovered cyber-espionage group called Worok has been found hiding malware in image files. The PNG files conceal a malicious payload used to facilitate information theft.
Avast discovered that Worok used a C++-based payload called CLRLoad to pave the way for a PowerShell script embedded in PNG images using a concealment technique known as steganography. The findings show that, after gaining initial access, the threat actor applied DLL injection to execute the CLRLoad malware.
Malware called DropboxControl, used in the attack chain, relies on a Dropbox account for command and control (C&C) and captures data by allowing the threat actor to upload, download, and run files in specific folders. Private companies and government agencies operating in countries such as Cambodia, Vietnam, and Mexico are among those affected by DropboxControl.
Avast confirmed ESET researchers' findings on Worok and extended what is known about the attack chain.
The tools used by Worok, which capture data through Dropbox accounts registered to active Google e-mail addresses, are not very common. Worok is considered to be an APT project focused on high-profile organizations in the private and public sectors in Asia, Africa and North America.
As a precaution against targeted cyber attacks;