Lazarus APT conceals malicious code within BMP image to drop its RAT

The North Korean APT uses a clever technique to bypass security products by embedding one of its payload as a BMP image. The attack likely started by distributing phishing emails that were weaponized with a malicious document. The document creation time is 31 March 2021 which indicates that the attack happened around the same time. This is because the document contains a PNG image that has a compressed zlib malicious object and since its compressed it can not be detected by static detections. Then the threat actor just used a simple conversion mechanism to decompress the malicious content.”]

Source: https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/

Something Fresh

Zip Codes & PII: Are They Personal Data?

ZeroNet: 51% Attack Risks & Mitigation

Zero Knowledge Voting with Trusted Server

What People Reading

YubiKey Security: Initial Setup with Yubi Cloud

Zero-Day Vulnerabilities: User Defence Guide

Feedback and data-driven updates to Googles disclosure policy

ZAP: Brute Force Passwords

Security Insider Interview Series: John McArthur, Senior Product Manager, IP Intelligence; and Rupert Young, Senior Director Software Engineering, Data Compilation and Identity, Neustar

Categories

Partners

Just add here your partners image or promo text