Hackers hide malicious code behind the Windows logo

Malware that creates backdoors for cyberattacks, hidden by the Witchetty hacker group behind the Windows logo, has been discovered.

A security research team recently discovered a malicious code attack campaign led by the hacker group Witchetty, which uses a code-hiding tactic to conceal a suspicious program containing a backdoor (a hidden entry point that lets attackers into the system without the victim's knowledge) beneath the Windows logo.

According to BleepingComputer, Witchetty is said to be closely related to the Chinese hacker group APT10 (also known as Cicada). The group was even seen as part of Operation TA410, which was implicated in attacks on energy suppliers in the United States.

A report by security firm Symantec shows that the hacker group has been carrying out a cyber espionage campaign since February 2022, targeting two governments in the Middle East and a stock exchange in Africa, and the campaign has not stopped.

In the new campaign, the hackers use their tools against many different vulnerable targets, relying on code hiding to conceal malicious code from the anti-virus software on victims' computers. "Hidden code" is typically blended into ordinary files on the computer or into public data to avoid detection. For example, hackers create an image file that displays normally on the computer, but hidden inside it is malicious code that can be extracted and used for malicious purposes.

This time Witchetty uses an encrypted backdoor embedded in an image file bearing the old Windows logo. The file is stored on a trusted cloud service instead of the command-and-control (C2) server hackers commonly use, reducing the risk of detection by security tools.
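As an added illustration (not code from the article or from the Symantec report), one cheap defensive check for image-borne payloads of the kind described above is to compare an image file's real length with the length its own format header implies. This only catches data appended after the picture, not data woven into pixel values; the exact embedding Witchetty used is not stated here, so the check is a generic heuristic, and the 1x1 sample images are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_declared_end(data: bytes):
    """Offset just past the IEND chunk of a PNG, or None if not a parseable PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + payload + CRC
        if ctype == b"IEND":
            return pos
    return None

def bmp_declared_end(data: bytes):
    """File size recorded in the 14-byte BMP file header, or None if not a BMP."""
    if len(data) < 14 or data[:2] != b"BM":
        return None
    return struct.unpack("<I", data[2:6])[0]

def trailing_bytes(data: bytes) -> int:
    """Bytes beyond the declared end of the image; -1 for an unrecognised or malformed file."""
    end = png_declared_end(data)
    if end is None:
        end = bmp_declared_end(data)
    if end is None or end > len(data):
        return -1
    return len(data) - end

def is_suspicious(data: bytes, threshold: int = 64) -> bool:
    """Heuristic verdict: more than `threshold` bytes trail the picture data."""
    return trailing_bytes(data) > threshold

def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_png_1x1() -> bytes:
    """Constructed minimal 1x1 RGB PNG used as a clean sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00\x00\x00")  # filter byte + one RGB pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")

def make_bmp_1x1() -> bytes:
    """Constructed minimal 1x1 24-bit BMP used as a clean sample."""
    pixel = b"\x00\x00\x00\x00"  # one BGR pixel padded to a 4-byte row
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixel), 2835, 2835, 0, 0)
    header = b"BM" + struct.pack("<IHHI", 14 + len(dib) + len(pixel), 0, 0, 14 + len(dib))
    return header + dib + pixel
```

Run `is_suspicious` over files pulled from a download cache or proxy log; a picture that renders fine yet carries hundreds of bytes past its declared end deserves a closer look.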

“This disguise allows attackers to place files on a free and trusted server. For example, downloading images from a reputable source like GitHub is less vulnerable to detection than downloading from C2,” Symantec experts wrote in the report.

This malicious code hidden under the Windows logo can execute commands related to files and storage paths on the machine, start or end a process, modify the Windows Registry (the hierarchical database that stores settings for the Windows operating system), and download additional packages unwanted by the victim.
