steganography

Pierluigi Paganini November 18, 2022
Ongoing supply chain attack targets Python developers with WASP Stealer

A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […]

Pierluigi Paganini November 15, 2022
Avast details Worok espionage group’s compromise chain

Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. The experts started their investigation from the analysis published […]

Pierluigi Paganini November 10, 2022
Researchers warn of malicious packages on PyPI using steganography

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github.  The […]

Pierluigi Paganini September 30, 2022
Witchetty APT used steganography in attacks against Middle East entities

A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom’s Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously undocumented backdoor in a Windows logo. The group used the backdoor in attacks against Middle Eastern governments. The cyber […]

Pierluigi Paganini June 22, 2020
A new variant of the IcedID banking Trojan spreads using COVID-19 lures

Experts spotted a new version of the IcedID banking trojan that uses steganography to infect victims as part of COVID-19 themed attacks. A new version of the IcedID banking trojan was employed in COVID-19 themed attacks, the new variant uses steganography to infect victims and implements anti-detection capabilities. Researchers at Juniper Threat Labs have spotted […]

Pierluigi Paganini February 09, 2019
GandCrab ransomware campaign targets Italy using steganography

A newly discovered malware campaign leverages steganography to hide GandCrab ransomware in an apparently innocent Mario image. Security experts at Bromium have discovered a malware campaign using steganography to hide the GandCrab ransomware in a Mario graphic package. According to Matthew Rowan, a researcher at Bromium, threat actors use steganography to hide the malicious code and […]

Pierluigi Paganini February 07, 2019
Ursnif: Long Live the Steganography and AtomBombing!

Yoroi ZLab – Cybaze uncovered a new wave of Ursnif attacks using a variant that implements an exotic process injection technique called AtomBombing Another wave of Ursnif attacks hits Italy. Ursnif is one of the most active banking trojans. It is also known as GOZI, in fact, it is a fork of the original Gozi-ISFB banking Trojan that […]

Pierluigi Paganini January 27, 2019
Using steganography to obfuscate PDF exploits

Experts discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. The exploit analysis firm EdgeSpot recently discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. “Shortly after last week’s discovery of a PDF exploit which used the […]

Pierluigi Paganini December 30, 2016
Sundown Exploit Kit now leverages on the steganography

A new variant of the Sundown exploit kit leverages on steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit that exploits steganography in order to hide malicious code in harmless-looking image files. The use of steganography was recently observed in the malvertising campaigns conducted […]

Pierluigi Paganini February 01, 2016
Dozens of games infected with Xiny available on the Google Play

Experts at Dr Web discovered dozens of Android game apps in the Google Play Store have been infected with the Android.Xiny Trojan. Bad news for Android users, according to the security Doctor Web firm dozens of game apps in the Google Play Store have been infected with the Android.Xiny.19.origin Trojan. The malware could allow attackers to control the victim’s […]