Skip to main content

Lazarus hacking group now hides payloads in BMP image files

posted onApril 20, 2021
by l33tdawg
Malware Bytes
Credit: Malware Bytes

The Lazarus group has tweaked its loader obfuscation techniques by abusing image files in a recent phishing campaign. Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea.

Known as one of the most prolific and sophisticated APTs out there, Lazarus has been in operation for over a decade and is considered responsible for worldwide attacks including the WannaCry ransomware outbreak, bank thefts, and assaults against cryptocurrency exchanges.

South Korean organizations are consistent targets for Lazarus, although the APT has also been traced back to cyberattacks in the US and, more recently, South Africa. In a campaign documented by Malwarebytes on April 13, a phishing document attributed to Lazarus revealed the use of an interesting technique designed to obfuscate payloads in image files.  The attack chain begins with a phishing Microsoft Office document (참가신청서양식.doc) and a lure in the Korean language. Intended victims are asked to enable macros in order to view the file's content, which, in turn, triggers a malicious payload. 

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th