This sneaky Ghostpulse malware hides in PNG image files

Trending 1 month ago
  1. Home
  2. Technology
  3. This sneaky Ghostpulse malware hides in PNG image files
Magnifying solid enlarging nan connection 'malware' successful machine instrumentality code
(Image credit: Shutterstock)

Cybersecurity researchers from Elastic Security person uncovered a caller type of nan infamous Ghostpulse malware hiding successful nan pixels of a .PNG file.

In their method write-up, nan researchers explained nan malware’s operators proceed to show unthinkable levels of productivity and knowledge, arsenic they find caller ways to administer nan malware and hide it from antivirus programs and endpoint protection solutions.

The move marks a awesome displacement from Ghostpulse’s erstwhile obfuscation technique, which included abusing nan IDAT chunk of PNG files to hide malicious payloads, it was said.

Reading PNG files

To infect nan unfortunate pinch nan malware, nan crooks would first usage societal engineering to instrumentality nan unfortunate into visiting an attacker-controlled website. There, nan visitant would beryllium presented pinch what appeared to beryllium your modular CAPTCHA. However, alternatively of uncovering images of a canine aliases a occurrence hydrant, nan visitors are asked to property a circumstantial keyboard shortcut, which copies a malicious portion of JavaScript codification into nan clipboard.

That codification triggers a PowerShell book that downloads and runs nan Ghostpulse payload.

The payload is simply a azygous record - a “benign but compromised executable file” that includes a PNG record wrong its resources section. The malware useful by looking astatine nan circumstantial pixels and reference their colour to cod accusation hidden inside. The colors are surgery into mini chunks of data, which are past checked utilizing a type of “math test” to spot if they incorporate hidden malware instructions.

If they walk nan test, nan malware gathers nan information, and uses XOR to unlock and usage nan hidden instructions, yet infecting nan endpoint.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Ghostpulse is usually utilized arsenic a loader, deploying much vulnerable malware to nan compromised systems. Elastic Security recovered that astir of nan time, nan crooks usage it to deploy nan Lumma infostealer.

Via The Register

More from TechRadar Pro

  • Sneaky malware abuses CAPTCHA to bypass browser protections
  • Here's a database of nan best firewalls today
  • We've besides rounded up nan best VPN pinch antivirus around

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

More
Source Technology
Technology

Related Article

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

2 weeks ago
Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

2 weeks ago
The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

2 weeks ago

Popular Article

Soundcore’s newest clip-style earbuds focus on comfort

Soundcore’s newest clip-style earbuds focus on comfort

1 month ago
Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

1 month ago
AirPods Pro 2's hearing health features will arrive as a software update starting next week

AirPods Pro 2's hearing health features will arrive as a software update starting next week

1 month ago
The iPhone SE might serve an unexpected surprise next year

The iPhone SE might serve an unexpected surprise next year

1 month ago
The best budget laptops for 2024

The best budget laptops for 2024

1 month ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions ·

©2024 Latest Tech News.
All Rights Reserved.