A novel .NET-based malware loader has emerged that cleverly hides the Lokibot trojan within PNG and BMP image files. Utilizing steganography, the malware embeds malicious code within image data, rendering detection by traditional security measures significantly more difficult. This technique takes advantage of the fact that antivirus software typically whitelists image files, assuming they pose no threat. As organizations globally become targets of this expanding attack campaign, the implications for cybersecurity are substantial.
The malware operates by retrieving image files containing the hidden Lokibot payload from remote servers. The steganographic process manipulates pixel data, specifically utilizing RGB color channels to store executable code without altering the image’s visual integrity. Once the malware is executed, it employs a custom decryption routine to extract and run the Lokibot payload, creating multiple layers of obfuscation that challenge traditional detection methods. Furthermore, Lokibot acts as an information stealer, targeting sensitive data such as browser histories and saved passwords, thereby posing significant risks to corporate environments.
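A defender-side triage check for the RGB-channel hiding described above, added here as an example (it is not code from the original report or from the malware): it strips the header and row padding from a 24-bit BMP and measures the Shannon entropy of the pixel bytes, since an encrypted payload stored in the colour channels pushes that value toward 8 bits per byte. It assumes the payload fills whole channel bytes. The 7.9 threshold, the function names and both sample images are constructed for illustration. PNG files must be decoded to raw pixels first, and LSB-only embedding would not trip this check.

```python
import hashlib, math, struct
from collections import Counter

def bmp_pixel_bytes(data: bytes) -> bytes:
    """Raw B,G,R bytes of an uncompressed 24-bit BMP, row padding stripped."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    offset = struct.unpack_from("<I", data, 10)[0]
    width, height = struct.unpack_from("<ii", data, 18)
    bpp, compression = struct.unpack_from("<HI", data, 28)
    if bpp != 24 or compression != 0 or width <= 0 or height == 0:
        raise ValueError("only uncompressed 24-bit BMP is handled")
    row, rows = width * 3, abs(height)   # negative height means top-down rows
    stride = (row + 3) & ~3              # rows are padded to 4-byte boundaries
    if offset + stride * rows > len(data):
        raise ValueError("pixel array is truncated")
    return b"".join(data[offset + r * stride: offset + r * stride + row]
                    for r in range(rows))

def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: 8.0 is uniformly random, smooth images sit lower."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def triage(data: bytes, threshold: float = 7.9) -> dict:
    """Flag a BMP whose pixel bytes look like ciphertext (threshold is an assumption)."""
    h = shannon_entropy(bmp_pixel_bytes(data))
    return {"entropy": round(h, 3), "suspicious": h >= threshold}

def make_bmp(width: int, height: int, pixels: bytes) -> bytes:
    """Build a constructed 24-bit BMP for the samples below."""
    row = width * 3
    body = b"".join(pixels[r * row:(r + 1) * row] + b"\0" * (-row % 4)
                    for r in range(height))
    head = b"BM" + struct.pack("<IHHI", 54 + len(body), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(body), 2835, 2835, 0, 0)
    return head + info + body

W, H = 63, 64
# Constructed benign sample: a smooth colour gradient.
GRADIENT = bytes(v for y in range(H) for x in range(W)
                 for v in (x * 4, y * 4, (x + y) * 2))
# Constructed stand-in for an encrypted payload: a SHA-256 counter stream.
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(384))[:W * H * 3]
if __name__ == "__main__":
    for name, px in (("gradient", GRADIENT), ("cipher-like", CIPHERLIKE)):
        print(name, triage(make_bmp(W, H, px)))
```

High entropy alone is a triage signal, not a verdict: noisy photographs can score close to the threshold, so a hit should lead to a closer look at where the image came from and which process fetched it.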
👉 Read the original: Cyber Security News