The Broadband Guide
search advanced

Malware found hiding in a Windows logo

2022-10-03 16:44 by
Tags: , , ,


An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.

Although not new, this is a rare technique where malware is hidden inside an image. The trojan can perform various functions, including removing and creating directories, manipulating files, launching/terminating processes, running/downloading executables, enumerating and killing processes, and stealing documents. It can also create, read, and delete registry keys.

The image used by Witchetty espionage group is a bitmap of an old Windows logo, and the malicious code it carries is a backdoor Trojan (Backdoor.Stegmap) capable of executing a range of system commands. By disguising the malicious payload as an image, it's possible to hide it in plain sight on a free and trusted service while avoiding detection as a security threat. In this case, Witchetty hosted the bitmap on GitHub.

Symantec says Witchetty's latest toolset including this steganography technique has already been used on two government agencies in the Middle East and a stock exchange in Africa. The group is viewed by Symantec as a capable threat actor that has "demonstrated the ability to continually refine and refresh its toolset in order to compromise targets of interest."

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About