Shady RAT Hid Malware In Digital Images

Attackers used steganography to hide commands controlling infected machines.

The attackers behind the Operation Shady RAT targeted cyber-espionage hacks hid some of their activities behind digital images.
They used steganography, a relatively rarely deployed technique for hiding malicious code or data behind image files or other innocuous-looking files. In its analysis of Operation Shady RAT, Symantec found rigged images--everything from images of a pastoral waterside scene to a suggestive photo of a woman in a hat--that were masking commands ordering the infected machines to phone home to the command-and-control (C&C) server.
The commands are invisible to the human eye because the bits in the image are actually made up of those commands. Theyre mathematically built into the data representing the image, according to Symantec researchers in
a recent blog post
that includes examples of the images its researchers found.
Operation Shady RAT is a massive advanced persistent threat (APT)-type
attack campaign
that has been ongoing worldwide for five years and has stolen intellectual property from 70 government agencies, international corporations, nonprofits, and others in 14 countries. It was
revealed last week by McAfee
, which conducted an in-depth study of one of the C&C servers used in the attack.
Remaining under the radar is crucial for APT attackers. The Shady RAT attackers
also deployed a tool called HTran
that helps disguise their locations. Joe Stewart, director of malware research for Dell SecureWorks counter threat unit research team, recently discovered a pattern in APT malware in which many of these attackers use HTran--including the Operation Shady RAT attackers, he said.
Read the rest of this article on
Dark Reading
.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25.
Register now
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Shady RAT Hid Malware In Digital Images