More malware is being hidden in PNG images, so watch out

Audio player loading…

Researchers have found evidence of new threat actors using PNG files to deliver malicious payloads.

Both ESET and Avast have confirmed seeing a threat actor going by the name Worok using this method since early September 2022.

Apparently, Worok has been busy targeting high-profile victims, such as government organizations, across the Middle East, Southeast Asia, and South Africa. 

Multi-staged attack
The attack is a multi-stage process, in which the threat actors use DLL sideloading to execute the CLRLoader malware which, in turn, loads the PNGLoader DLL, capable of reading obfuscated code hiding in PNG files. 

That …