5 malware threats we discovered in the wild in November 2023

From any.run

1. Steganography 

We identified a new phishing campaign utilizing steganography, a technique historically seldom used due to its complexity. However, its application has notably increased. 

Read our analysis of steganography in phishing. 

As of recently, the campaign subsided, but new samples suggest its resurgence — as seen in this sample

This new campaign employs steganography in multiple stages:

  1. The modified “Google Update” app downloads multiple PE files and an image containing a DLL 
  2. TrueUpdate, downloaded in the previous step, extracts and decrypts the DLL from the image file with 256 bytes XOR key and transfers control to the received DLL 
  3. Then a malicious module comes into play, hosting a Remote Access Trojan and intercepting control. The actions of gh0strat become evident on the network at the specified address: 

You can find more samples that employ steganography in ANY.RUN’s public submissions — just search by tag #stego or use this link

Read more…