Chinese Hackers Hiding Malware in Windows Logo

The threat hunter team at Broadcom's Symantec has issued an advisory revealing that a Chinese cyberespionage group known as Witchetty (also tracked as LookingFrog) is targeting entities in Africa and the Middle East with an updated toolset.

The group was first documented in April 2022 by ESET. Its activities are characterized by the use of a first-stage backdoor (X4) and a second-stage payload (LookBack).

Advisory Reveals Attack Tactics of Witchetty

According to Symantec's report, Witchetty is associated with the Chinese APT group Cicada (also known as Stone Panda and APT10), and a connection with TA410 has also been reported. This group was previously linked to targeted attacks against US energy firms.

The group is continuously evolving its toolset. It currently uses a steganographic technique to hide a backdoor (Backdoor.Stegmap) inside an image of the MS Windows logo, and it targets governments in the Middle East.

Hiding malware inside an image is not a new technique, but it is rarely seen in practice. The trojan can perform various functions, including removing and creating directories, manipulating files, launching and terminating processes, running and downloading executables, enumerating and killing processes, and stealing documents. It can also create, read, and delete registry keys.

Earlier this year, Cicada was targeting Japanese entities, but it now appears to have expanded its target list to diverse regions, including North America, Asia, and Europe.
