Shady RAT Hid Malware In Digital Images

Published: 22/11/2024   Category: security




Attackers used steganography to hide commands controlling infected machines.



The attackers behind the targeted cyber-espionage campaign known as Operation Shady RAT hid some of their activities behind digital images.
They used steganography, a relatively rarely deployed technique for hiding malicious code or data behind image files or other innocuous-looking files. In its analysis of Operation Shady RAT, Symantec found rigged images--everything from images of a pastoral waterside scene to a suggestive photo of a woman in a hat--that were masking commands ordering the infected machines to phone home to the command-and-control (C&C) server.
The commands are invisible to the human eye because the bits in the image are actually made up of those commands. They're mathematically built into the data representing the image, according to Symantec researchers in a recent blog post that includes examples of the images its researchers found.
Operation Shady RAT is a massive advanced persistent threat (APT)-type attack campaign that has been ongoing worldwide for five years and has stolen intellectual property from 70 government agencies, international corporations, nonprofits, and others in 14 countries. It was revealed last week by McAfee, which conducted an in-depth study of one of the C&C servers used in the attack.
Remaining under the radar is crucial for APT attackers. The Shady RAT attackers also deployed a tool called HTran that helps disguise their locations. Joe Stewart, director of malware research for Dell SecureWorks' counter threat unit research team, recently discovered a pattern in APT malware in which many of these attackers use HTran--including the Operation Shady RAT attackers, he said.
Read the rest of this article on Dark Reading.
