A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms.
This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok's activity in early September 2022.
ESET warned that
Worok targeted high-profile victims, including government entities in the Middle East, Southeast Asia, and South Africa, but their visibility into the group's attack chain was limited.
Avast's
report is based on additional artifacts the company captured from Worok attacks, confirming ESET's assumptions about the nature of the PNG files and adding new information on the type of malware payloads and the data exfiltration method.
