- Jun 14, 2011
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes said the phishing campaign started by distributing emails laced with a malicious document that it identified on April 13.
"The actor has used a clever method to bypass security mechanisms in which it has embedded its malicious HTA file as a compressed zlib file within a PNG file that then has been decompressed during run time by converting itself to the BMP format," Malwarebytes researchers said.
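As an added example, not from the article or from Malwarebytes' analysis, the scanner below shows one way a defender can check a BMP's pixel area for the artifact that conversion trick leaves behind: a complete zlib stream whose decompressed bytes contain HTA/script markers. The BMP wrapper, the HTA-like string and the marker list are constructed here for the demonstration.

```python
import struct
import zlib

# Strings one expects in an HTA/script file (constructed list, not a vendor signature)
HTA_MARKERS = (b"<script", b"hta:application", b"<html", b"activexobject")

def build_bmp(pixel_bytes: bytes) -> bytes:
    """Wrap arbitrary bytes in a 24-bit, single-row BMP (constructed test input)."""
    width = (len(pixel_bytes) + 2) // 3
    row_size = ((width * 3 + 3) // 4) * 4            # BMP rows are padded to 4 bytes
    row = pixel_bytes.ljust(row_size, b"\x00")
    file_header = struct.pack("<2sIHHI", b"BM", 54 + row_size, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, 1, 1, 24, 0,
                             row_size, 2835, 2835, 0, 0)
    return file_header + dib_header + row

def pixel_data(bmp: bytes) -> bytes:
    """Return the pixel array, located via the data offset in the BMP file header."""
    if bmp[:2] != b"BM" or len(bmp) < 54:
        raise ValueError("not a BMP file")
    offset = struct.unpack_from("<I", bmp, 10)[0]
    return bmp[offset:]

def find_embedded_zlib(data: bytes):
    """Yield (offset, decompressed bytes) for every complete zlib stream in data."""
    for i in range(len(data) - 1):
        cmf, flg = data[i], data[i + 1]
        # zlib header: CM=8 (deflate), CINFO<=7, 16-bit header divisible by 31
        if cmf & 0x0F != 8 or cmf >> 4 > 7 or ((cmf << 8) | flg) % 31 != 0:
            continue
        d = zlib.decompressobj()
        try:
            out = d.decompress(data[i:])
        except zlib.error:                 # false-positive header, not a real stream
            continue
        if out and d.eof:                  # stream ended and its Adler-32 verified
            yield i, out

def scan_bmp(bmp: bytes):
    """List zlib streams in the pixel area whose contents look like an HTA/script."""
    findings = []
    for offset, blob in find_embedded_zlib(pixel_data(bmp)):
        hits = [m.decode() for m in HTA_MARKERS if m in blob.lower()]
        if hits:
            findings.append({"offset": offset, "size": len(blob), "markers": hits})
    return findings

# Constructed samples: a harmless HTA-like string hidden 7 bytes into the pixel data,
# and a clean all-zero image for comparison.
SAMPLE_HTA = b'<html><HTA:APPLICATION id="x"></HTA:APPLICATION><script>/* marker */</script></html>'
SAMPLE_BMP = build_bmp(b"\x00" * 7 + zlib.compress(SAMPLE_HTA) + b"\xff" * 5)
CLEAN_BMP = build_bmp(b"\x00" * 64)
```

Running `scan_bmp(SAMPLE_BMP)` reports one stream at pixel offset 7 with the script and HTA markers, while `scan_bmp(CLEAN_BMP)` returns an empty list.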

Lazarus APT Hackers are now using BMP images to hide RAT malware
North Korean hackers were recently caught hiding malware inside BMP image files to steal passwords in a spear phishing attack.
