A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the
Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes said the phishing campaign started by distributing emails laced with a malicious document that it identified on April 13.
"The actor has used a clever method to bypass security mechanisms in which it has embedded its malicious
HTA file as a compressed
zlib file within a PNG file that then has been decompressed during run time by converting itself to the BMP format," Malwarebytes researchers
said.
thehackernews.com
