
Worok hackers hide new malware in PNGs using steganography

HotGirl

https://www.bleepingcomputer[.]com/...hide-new-malware-in-pngs-using-steganography/



Game over? Can someone who knows malware please tell us, is this basically getting infected just by opening a PNG file? If that's the case, the world is fucked.
 
Have you read the article you refer to?
Next, the CLRLoader loads the second-stage DLL (PNGLoader), which extracts bytes embedded in PNG files and uses them to assemble two executables.
...
The first payload extracted from those bits by PNGLoader is a PowerShell script that neither ESET nor Avast could retrieve.
The second payload hiding in the PNG files is a custom .NET C# info-stealer (DropBoxControl) that abuses the DropBox file hosting service for C2 communication, file exfiltration, and more.

That is, the PNGs only deliver payloads.

P.S.: The link is broken. The working one is https://www.bleepingcomputer[.]com/...hide-new-malware-in-pngs-using-steganography/
 
Hey, thanks. Yes, I did read it, but believe me, for someone not familiar with malware and all, I couldn't understand how it was delivered. But thanks to DildoFagins, he explained more here:
/threads/26447/page-53#post-523307
 

