
Backdoor hidden in Windows logo


A hacker group has used steganography in attacks on governments to download malware via harmless-looking bitmaps.


In their current attacks, a group of cyber spies known as the Witchetty Gang is using unusual steganography methods to download malware onto infected systems, according to security experts at Symantec. In several attacks the hackers hid code in an old Windows logo.


According to the report, the attacks took place between February and September, targeting the governments of two Middle Eastern countries and the stock exchange of an African country.

In a first step, the attackers exploited well-known and frequently abused vulnerabilities (ProxyShell and ProxyLogon) to gain unauthorized access to publicly accessible servers, from which they stole login credentials. After penetrating the system, malware was reloaded in several stages, report the security experts at Symantec.

Among other things, “Backdoor.Stegmap” was used, which uses steganography to hide the backdoor's payload in a harmless-looking image; the attackers used the colorful Windows 7 logo as the image. A DLL loader on the infected system fetches the image from a GitHub repository and unpacks the malware it contains using an XOR key. The reloaded backdoor was then able, among other things, to copy directories and files on the target system and to start and terminate processes.
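A defender's first question about an image like the one described above is whether the file carries more bytes than its own header accounts for. The following is an added example, not Symantec's analysis code and not the attackers' loader: it parses a BMP's file and info headers, computes how many bytes the declared geometry can occupy, and reports any trailing data together with its Shannon entropy (an XOR-scrambled blob looks random, so a high-entropy tail is a stronger signal than trailing bytes alone). The sample bitmap and the appended byte string are constructed here for the demonstration; the appended block is just the byte values 0..255 repeated, standing in for a scrambled payload. A check of this kind catches appended-data embedding only; a payload spread across pixel bits leaves the sizes consistent and needs pixel-level statistics instead.

```python
"""Heuristic check for a bitmap that carries more bytes than its headers declare.

Added example; not Symantec's or the attackers' code. The BMP builder and the
sample files below are constructed for the demonstration only.
"""
import math
import struct

FILE_HEADER_LEN = 14   # BITMAPFILEHEADER
INFO_HEADER_LEN = 40   # BITMAPINFOHEADER


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8.0 mean random-looking (encrypted/scrambled)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_bmp(blob: bytes) -> dict:
    """Compare the sizes a BMP declares with the bytes actually present.

    Returns the declared file size, the real size, the number of bytes past the
    end of the pixel data the headers describe, and the entropy of that tail.
    """
    if len(blob) < FILE_HEADER_LEN + INFO_HEADER_LEN or blob[:2] != b"BM":
        raise ValueError("not a BMP file")
    # BITMAPFILEHEADER after the 'BM' magic: bfSize, bfReserved1, bfReserved2, bfOffBits
    bf_size, _r1, _r2, bf_off_bits = struct.unpack_from("<IHHI", blob, 2)
    # Leading fields of BITMAPINFOHEADER: biSize, biWidth, biHeight, biPlanes,
    # biBitCount, biCompression, biSizeImage
    _bi_size, width, height, _planes, bpp, compression, bi_size_image = struct.unpack_from(
        "<IiiHHII", blob, FILE_HEADER_LEN
    )
    if compression != 0 and bi_size_image:
        # Compressed pixel data: the header's own byte count is the only size we have
        expected_pixels = bi_size_image
    else:
        # Uncompressed rows are padded to 4-byte boundaries; height may be negative (top-down)
        row_bytes = ((width * bpp + 31) // 32) * 4
        expected_pixels = row_bytes * abs(height)
    declared_end = bf_off_bits + expected_pixels
    tail = blob[declared_end:]
    entropy = shannon_entropy(tail)
    return {
        "declared_size": bf_size,
        "actual_size": len(blob),
        "size_field_matches": bf_size == len(blob),
        "trailing_bytes": len(tail),
        "tail_entropy": round(entropy, 4),
        "high_entropy_tail": entropy > 7.0,
        "suspicious": len(tail) > 0,
    }


def make_bmp(width: int, height: int, pixel_rows: list) -> bytes:
    """Build a minimal 24-bit uncompressed BMP (constructed sample data, not a real logo)."""
    row_bytes = ((width * 24 + 31) // 32) * 4
    pixels = b"".join(row.ljust(row_bytes, b"\x00") for row in pixel_rows)
    off_bits = FILE_HEADER_LEN + INFO_HEADER_LEN
    file_hdr = b"BM" + struct.pack("<IHHI", off_bits + len(pixels), 0, 0, off_bits)
    info_hdr = struct.pack("<IiiHHIIiiII", INFO_HEADER_LEN, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


# Constructed 2x2 image: two BGR rows of six bytes each, padded to eight
CLEAN_BMP = make_bmp(2, 2, [b"\xff\x00\x00\x00\xff\x00", b"\x00\x00\xff\xff\xff\xff"])
# Constructed stand-in for a scrambled blob appended after the pixel data
SCRAMBLED_BLOB = bytes(range(256)) * 4
TAMPERED_BMP = CLEAN_BMP + SCRAMBLED_BLOB


if __name__ == "__main__":
    import sys
    # Usage: python inspect_bmp.py <file.bmp>; with no argument, inspect the built-in samples
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(inspect_bmp(fh.read()))
    else:
        print("clean   :", inspect_bmp(CLEAN_BMP))
        print("tampered:", inspect_bmp(TAMPERED_BMP))
```

Trailing bytes are the cheap signal; the size-field comparison is deliberately separate, because an attacker can rewrite `bfSize` to cover the appended data, whereas the geometry-derived end of pixel data is harder to fudge without breaking the image. Run over a share of logos, icons and wallpapers, the combination of any tail plus entropy above 7 bits per byte is a reasonable triage filter before handing files to a full steganalysis tool.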

The perfidious thing about the technique: the payload can be published on a free, trusted platform like GitHub, which “is much less likely to trigger a warning signal on the target system than downloading from a command-and-control (C&C) server controlled by the attackers.”


According to the news portal Bleeping Computer, the Witchetty Gang is said to be close to the Chinese hacker group APT10. The group was first described in April 2022 by the Czechoslovak security company ESET, the security experts at Symantec report on their company blog.
