Tag: Steganography

  • The Audio-Files Have Eyes: Inside the TeamPCP “Steganography” Strike on the Telnyx Python SDK

    The recent compromise of a widely used Python communications library has starkly illuminated how fragile the open-source supply chain is. Malicious code was surreptitiously woven into the official Telnyx Python SDK—a cornerstone relied upon by countless projects to orchestrate telephony and messaging—and the attack remained virtually undetected for an extended period. The sentinels…

  • Three-Day Turnaround: How APT28 Rapidly Weaponized the Latest Microsoft Office Zero-Day

    The sophisticated threat actor APT28 has commenced the exploitation of a nascent Microsoft Office vulnerability almost immediately following its public disclosure. According to researchers, these incursions were initiated within a mere three-day window, primarily targeting entities across Ukraine, Slovakia, and Romania. Security analysts at Zscaler have designated this campaign Operation Neusploit, which centers upon CVE-2026-21509—a…

  • Love and Larceny: How Hinge Was Repurposed Into a Malware Control Hub

    A security researcher has demonstrated an unconventional scenario in which the popular dating app Hinge can be repurposed into an improvised command-and-control server—an infrastructure through which attackers could issue commands to malware and exfiltrate data. While the concept may sound like a purely experimental gimmick, the author emphasizes that, in practice, such an approach could…

  • The DarkSpectre Files: How a 7-Year Extension Campaign Hijacked 8.8 Million Browsers

    A hacking group operating under the name DarkSpectre has, for seven years, systematically infected the computers of users running Chrome, Edge, and Firefox browsers. According to Koi Security, more than 8.8 million unique devices fell victim to these activities. The operation spanned three distinct campaigns and was marked by a high degree of coordination and…

  • Operation Artemis: North Korean ScarCruft Hijacks HWP Files to Deploy RoKRAT

    As part of a large-scale malware campaign dubbed Operation Artemis, the North Korean hacking group APT37—also known as ScarCruft—employed sophisticated attack techniques leveraging South Korea’s HWP word processor and DLL side-loading. The operation targeted South Korean professionals, primarily those working in politics, media, and international affairs. Initial access was achieved through phishing emails masquerading as…

  • Hidden in Plain Sight: How the GhostPoster Campaign Injected Malware Into 50,000 Firefox Users

    Researchers at Koi Security have identified a new malicious campaign dubbed GhostPoster, targeting users of the Firefox browser. As part of the operation, attackers distributed extensions that appeared harmless and even amassed tens of thousands of installations, yet concealed a latent threat. The campaign’s most unusual feature lies in its method of concealment: the malicious…

  • The Invisible Threat: Caminho Loader Hides Malware in Image Pixels

    Midway through this year, specialists at Arctic Wolf uncovered a sprawling malicious campaign that spread across South America, Africa, and Eastern Europe. At its core lay a tool of Brazilian origin known as Caminho — a universal malware loader distributed under a service-rental model. Since its emergence the loader has evolved considerably; in June it…

  • StegoScan.py: The AI-Powered Tool That Finds Secrets Hidden in Files and Websites

    StegoScan.py is a powerful, next-generation tool for automated steganography detection in websites, web servers, and local directories, integrating AI-driven object and text recognition with deep file analysis. Unlike traditional steganography detection tools that focus on a limited set of file types or require manual processing, StegoScan.py is designed for comprehensive, automated scanning—scraping websites, dissecting embedded…

  • Astaroth Malware Uses Steganography in GitHub Images for Covert C2 Backup

    McAfee researchers have reported a renewed campaign by the banking trojan Astaroth, which has begun abusing GitHub as a resilient channel for delivering configuration data. By leveraging a legitimate platform in this way, attackers can retain control of compromised machines even after primary command-and-control servers are taken down, markedly increasing the malware’s survivability and complicating…

  • Steganography Attack: Malicious NPM Package Hides Executable Code Inside a QR Code Image

    Socket Threat Research has discovered a malicious NPM package named fezbox, published by a user going by janedu. Ostensibly a harmless library, the package conceals an unusually sophisticated payload: it uses a QR code as a carrier for steganographically embedded, executable malware. Fezbox masquerades as a conventional TypeScript/JavaScript utility library—complete with tests, type definitions, promises…

  • The SlopAds Operation: A New Level of Ad Fraud

    A sprawling advertising-fraud operation known as SlopAds hid behind a storefront of hundreds of seemingly innocuous Android apps and ballooned into a global enterprise. Researchers at Satori (HUMAN) recently described how 224 programs amassed a total of 38 million installs across 228 countries and territories and, at peak, generated as many as 2.3 billion ad-auction…

  • New FileFix Attack: Hiding Malware in Plain Sight

    Acronis researchers have reported a fresh campaign that employs a modified FileFix technique to deliver the StealC data stealer. The attackers staged a convincing, multilingual phishing operation that forges pages for various services — for example, a counterfeit “Facebook Security” portal. On the fake page the user is shown a warning of “suspicious activity” on…

  • APT37’s Stealthy RoKRAT Malware Uses Steganography in JPEGs to Evade Detection

    Experts at the Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean threat group APT37. This latest iteration employs an unusually covert method of hiding malicious code—embedding it within ordinary JPEG images. By leveraging this technique, RoKRAT evades conventional antivirus solutions, as its payload is never…

  • Warning: Stealthy WAV Malware Disguised as Voicemail Targets Users, Bypassing Email Filters

    Cybercriminals are mastering increasingly sophisticated methods of delivering malicious code, leveraging unconventional file formats to evade security defenses. A recent case documented by researchers illustrates how a seemingly innocuous audio message in WAV format can serve as a covert weapon, targeting users who place trust in corporate-branded communications. Attackers distribute emails disguised as voicemail notifications…