The Monkif/DIKhora botnet is encoding instructions to appear as if the command-and-control server is returning a JPEG image file. The botnet, which is pushing out Trojan downloaders to infected machines, uses an interesting technique to mask its nefarious intentions. The relentless rise in COVID-19 cases is battering already frayed healthcare systems and ransomware criminals are using the opportunity to strike. Read the full story at the SecureWorks conference at Black Hat 2020 on Friday.
Source: https://threatpost.com/botnet-hiding-commands-jpeg-images-093009/72314/