The Malware of Worok hides in PNGs

A group of hackers named, Worok is able to hide their malware within PNG images. By this way they are easily infecting victims’ machines for stealing information.

Researchers at Avast have confirmed this. In early. In September 2022 built upon the findings of ESET, the first to spot and report on Worok’s activity.


ESET’S warning


According to a report by Bleeping Computer, “A newly discovered cyber-espionage group has been hacking governments and high-profile companies in Asia since at least 2020 using a combination of custom and existing malicious tools.

The threat group, tracked as Worok by ESET security researchers who first spotted it, has also attacked targets from Africa and the Middle East.

To date, Worok has been linked to attacks against telecommunications, banking, maritime, and energy companies, as well as military, government, and public sector entities.”

ESET malware researcher Thibaut Passilly said, “We believe the malware operators are after information from their victims because they focus on high-profile entities in Asia and Africa, targeting various sectors, both private and public, but with a specific emphasis on government entities,”.


Avast’s Report


According to Avast’s researchers, “Our fellow researchers from ESET published an article about previously undocumented tools infiltrating high-profile companies and local governments in Asia. The tools, active since at least 2020 are designed to steal data. ESET dubbed them Worok. ESET monitored a significant break in activity from May 5, 2021 to the beginning of 2022. Nevertheless, when Worok became active again, new targeted victims – including energy companies in Central Asia and public sector entities in Southeast Asia – were infected to steal data based on the types of the attacked companies.”

We live Security by ESET reported, “During the ProxyShell (CVE-2021-34523) vulnerability disclosure in early 2021, we observed activity from various APT groups.”

For more updates on security industry, click here.