The OceanLotus threat group, also tracked as Advanced Persistent Threat group 32 (APT32), is using a steganography-based loader to drop backdoors on victims' computers. Steganography is the practice of hiding data inside an innocuous carrier, such as an image, so that the existence of the hidden data is itself concealed. The technique is now being seen embedded in malware to hide the payload that a loader later recovers and runs, so that the backdoor never has to sit on disk as a recognisable executable.
The payload is delivered to the user inside a PNG image. PNG matters here because, unlike JPEG, it is losslessly compressed: the exact pixel bytes survive encoding, so data hidden in the low bits of those pixels can be recovered intact. The steganography-based loader can easily be modified by the threat actor to deliver other payloads. The backdoor loading process begins when the hidden payload is decoded, decrypted and executed, opening the backdoor on the victim's computer. The loader is also padded with a large amount of junk data that inflates its size and makes analysis and debugging more difficult.
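The following added example (not Binary Defense's research code, and not the OceanLotus loader) shows the mechanism in miniature: a payload is XOR-encrypted, written into the least significant bit of each pixel byte of a PNG, and then recovered by a loader-style routine that parses the PNG, reads the LSB stream and decrypts it. The LSB embedding, the XOR key and the sample payload are all assumptions standing in for whatever encoding, cipher and backdoor the real loader uses; the PNG writer and reader are deliberately minimal (8-bit RGB, filter type 0) and use only the standard library. Execution of the recovered bytes is intentionally omitted.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Constructed stand-ins: a real loader's key scheme and payload are unknown here.
KEY = b"constructed-key"
PAYLOAD = b"PAYLOAD: pretend these bytes are a backdoor stub"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def write_png(width: int, height: int, pixels: bytes) -> bytes:
    """Encode 8-bit RGB pixel bytes (row-major, 3 bytes/pixel) as a PNG, filter 0 on every row."""
    assert len(pixels) == width * height * 3
    raw = b"".join(b"\x00" + pixels[y * width * 3:(y + 1) * width * 3] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # depth 8, colour type 2 (RGB)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def read_png(data: bytes):
    """Parse the PNGs produced above and return (width, height, pixel bytes)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", None, None
    while pos < len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        if ctype == b"IHDR":
            width, height, depth, colour = struct.unpack(">IIBB", body[:10])
            if depth != 8 or colour != 2:
                raise ValueError("only 8-bit RGB is supported by this reader")
        elif ctype == b"IDAT":
            idat += body          # IDAT chunks concatenate into one zlib stream
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = width * 3 + 1        # one filter byte precedes each row
    pixels = b""
    for y in range(height):
        row = raw[y * stride:(y + 1) * stride]
        if row[0] != 0:
            raise ValueError("only filter type 0 is supported by this reader")
        pixels += row[1:]
    return width, height, pixels


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used here as a placeholder for the loader's real cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def embed_lsb(pixels: bytes, secret: bytes) -> bytes:
    """Hide a 4-byte length prefix plus secret in the LSB of successive pixel bytes."""
    framed = struct.pack(">I", len(secret)) + secret
    bits = [(b >> (7 - i)) & 1 for b in framed for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Reverse of embed_lsb: read the length prefix, then that many bytes."""
    def read_bytes(bit_offset: int, n: int) -> bytes:
        vals = bytearray()
        for k in range(n):
            v = 0
            for i in range(8):
                v = (v << 1) | (pixels[bit_offset + k * 8 + i] & 1)
            vals.append(v)
        return bytes(vals)
    (length,) = struct.unpack(">I", read_bytes(0, 4))
    if 32 + length * 8 > len(pixels):
        raise ValueError("declared length exceeds image capacity")
    return read_bytes(32, length)


def build_carrier(width: int = 64, height: int = 32) -> bytes:
    """Attacker side: construct a cover image and hide the encrypted payload in it."""
    cover = bytes(((x + c) * 7 + y * 13) & 0xFF
                  for y in range(height) for x in range(width) for c in range(3))
    return write_png(width, height, embed_lsb(cover, xor(PAYLOAD, KEY)))


def loader_stage(png: bytes) -> bytes:
    """Loader side: parse the carrier, pull the LSB stream, decrypt. Execution deliberately omitted."""
    _, _, pixels = read_png(png)
    return xor(extract_lsb(pixels), KEY)


if __name__ == "__main__":
    carrier = build_carrier()
    print(len(carrier), "byte PNG carries:", loader_stage(carrier))
```

The round trip only works because PNG is lossless: the same pixels run through a JPEG encoder would lose the low bits and the length prefix alone would come back corrupted. For a defender, the same parser is a starting point for a check, for example flagging images whose LSB stream decodes to a plausible length prefix followed by high-entropy data.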
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense's mission is