Automatically translated.View original post

Hackers use coded camouflage methods, hiding malware in PNG photo files

Hackers were found using coded camouflage methods, hiding malware codes inside PNG image files to release malware.

Hiding malware or payload can be done in a variety of ways, from complex hiding through redirecting, URLs, reliable use of digital archives or Repo. And the most likely way to be up and coming is to hide the code in harmless files, such as image files, etc.

According to a report by the website, Cyber Security News has mentioned the detection of an NPM package, a JavaScript package that hides malware for remote access to the victim's system, or a RAT (Remote Access Trojan). NET is hiding payload code in a non-toxic PNG image file with a Steganography method. The package is impersonated as a buildrunner-dev package, named as buildrunner and build-runner. These two projects were long abandoned by the developer, but the name is similar enough to allow those searching for these two tools to misdownload.

The malware mechanism begins after the victim installs the tool from the package via npm install. The Hook that runs after installation like Postinstall Hook runs a script from the init.js file to download a Btach script file called packageloader.bat from Codeberg, a reliable Repo service. This file silently copies itself into the Windows Startup folder, which creates persistence on the system, or Persistence, guaranteeing that the malware will rework every time it is turned on or rebooted. New

Such a Batch file, in addition to having the ability to create Persistence, has also confused up to seven layers of Obfuscation with up to 1,653 lines of code, but only 21 lines of functional code. There are also disorganized comments, useless junk variables, fake Base64 string values to disrupt Static Analysis and human verification.

And before running the Payload code, the malware will check if it has the Admin or Administrator. If it does not find it, it will use fodhelper.exe to upgrade its permissions while evading the UAC Account Control system at one time, without UAC showing the user the Prompt to choose whether or not to grant it. After that, the malware will run the PowerShell code through conhost.exe to determine if there is an anti-virus or cyber protection tool installed on the system. At this point, there will be a method. That led to the installation of the last malware file in many ways as the analysis detected, which the source did not provide details.

The last payload is a RAT malware payload called Pulsar that, after installation, inserts itself into the Windows General Process, making it difficult to detect. This payload code is hidden inside the RGB (Red Green Blue) Pixel of two PNG image files deposited on the ImgBB website.

"6b8owksyv28w.png" (41 × 41 px, 2.3 KB) internally contains PowerShell-style code that can emanate AMSI-style protection (Antimalware Scan Interface).

"0zt4quciwxs2.png" (141 × 141 px, 67 KB) internally contains the code of the .NET extension malware (Loader) for use in releasing the real payload.

The two runs lead to downloading and decoding the code from another image file deposited at hxxps: / / i.ibb [.] co / tpyTL2Zg / s9rugowxbq8i.png. This third file acts as a control server (C2 or Command and Control) that will ultimately release Pulsar malware into the victim's machine.

# Trending # Lemon 8 Howtoo # lemon 8 diary # png # freedomhack

3/20 Edited to

... Read moreจากประสบการณ์ในการติดตามและวิเคราะห์ภัยคุกคามไซเบอร์ประเภทซ่อนโค้ดในไฟล์มีเดีย เช่น PNG ผมพบว่าการใช้ Steganography เป็นวิธีที่แฮกเกอร์นิยมมากขึ้น เพราะไฟล์รูปภาพแพร่หลายและดูเหมือนไม่เป็นภัย การซ่อนโค้ดในพิกเซล RGB ทำให้มัลแวร์สามารถเล็ดลอดผ่านระบบสแกนไวรัสทั่วไปได้ง่าย โดยเฉพาะเมื่อโค้ด PowerShell หรือ .NET Loader ที่ใช้ในมัลแวร์ RAT ได้ถูกเข้ารหัสหรือปรับแต่งให้สมบูรณ์แบบ เรื่องที่น่ากลัวคือเทคนิค Persistence ที่ใส่โค้ด Batch ลงในโฟลเดอร์ Windows Startup เพื่อให้มัลแวร์ทำงานทุกครั้งที่เริ่มระบบ ผมเคยเจอหลายกรณีที่โค้ดถูกทำ Obfuscation ซับซ้อนมาก ทำให้การวิเคราะห์ด้วยมือแทบจะเป็นไปไม่ได้ ต้องพึ่งพาเครื่องมือเฉพาะทางหรือ AI ช่วยวิเคราะห์ อีกทั้งฟีเจอร์เดียวที่น่าสนใจ คือ การขอสิทธิ์ Admin โดยใช้ fodhelper.exe ที่หลบเลี่ยง UAC Prompt ได้ ทำให้มัลแวร์ได้สิทธิ์สูงสุดโดยไม่แจ้งเตือนผู้ใช้ สำหรับผู้ใช้ทั่วไป ควรระวังการติดตั้งแพ็กเกจหรือซอฟต์แวร์จากแหล่งที่ไม่น่าเชื่อถือ และหมั่นอัพเดตแอนตี้ไวรัสรวมถึงใช้เครื่องมือความปลอดภัยที่สามารถตรวจจับพฤติกรรมแปลก ๆ ได้ นอกจากนี้ ควรระมัดระวังไฟล์รูปภาพหรือไฟล์อื่น ๆ ที่ได้จากแหล่งภายนอกโดยไม่ผ่านการตรวจสอบ เพราะอาจแฝงมัลแวร์หรือโค้ดอันตรายแบบนี้ได้ การเรียนรู้เทคนิค Steganography คร่าวๆ และเข้าใจถึงวิธีการที่แฮกเกอร์ใช้พรางโค้ด เป็นประโยชน์ในการป้องกันภัยคุกคามไซเบอร์ในยุคสมัยที่เทคโนโลยีก้าวหน้าเช่นนี้

Related posts

SIEGEX is all CHEATERS & HACKERS😭
Why is this game full of cheaters and hackers and bugs🤷‍♀️ #siege #rainbowsixsiege #gaming #streamer #foryou
Phasma

Phasma

41 likes

A laptop with a cloudy sky wallpaper and a white cup with a red logo. Text overlay reads: 'Free Websites That Saved My GPA AND MY SANITY Sharing So You Don't Struggle Too'.
A laptop screen displays Yahoo search results for 'Quizlet'. An overlay describes Quizlet as a free flashcard tool for memorizing terms, definitions, and formulas, making studying feel like a game.
A laptop screen displays Yahoo search results for 'Unriddle.ai'. An overlay describes Unriddle.ai as a free tool that breaks down notes, articles, or assignments to aid understanding of long readings.
Websites You NEED to Pass Your College Courses
Y’all college is hard enough without trying to figure everything out on your own 😩 So here’s my list of websites that actually helped me pass my classes like, these were in my survival kit. I’m not gatekeeping 🫶🏽 Quizlet When I needed to memorize terms FAST. I used it for flashcards, and the matc
Beauty

Beauty

290 likes

A monitor displays the Martin AI assistant dashboard with sections for to-dos, reminders, calendar, and chat, set on a desk with a keyboard and plant, illustrating the phrase "Say what you need, it gets it done."
The Martin AI assistant dashboard is shown, featuring to-dos, reminders, calendar, inbox, and a chat interface for sending schedules, emphasizing its ability to use voice commands for tasks like texting and setting reminders.
The Martin AI assistant dashboard displays to-dos, reminders, calendar, and an inbox with emails, highlighting its function to remember and track information across various platforms without repetition.
Your to-do list just got a personal manager
You know when you have too many tabs open in your brain? This app is like closing all of them... at once. Martin is your Al assistant that actually works like a real one. Need to text someone, forward notes, set reminders, or manage your day? Just tell Martin. It connects with your inbox,
Reverelia

Reverelia

366 likes

The image displays a title "Files Copied to USB Drive Disappear - Quick Solutions" above a blue USB drive with glowing data icons. Below, text asks, "USB drive files vanished after transfer? Don't panic—try these solutions to recover and prevent data loss."
This image outlines the first two of "4 Recovery Methods." It details steps for "1: Show Hidden Files via File Explorer" for both Windows and macOS users, and "2: Use Command Prompt (Windows)" with the attrib command to reveal hidden files.
The image presents the last two of "4 Recovery Methods." It describes "3: Run Antivirus Scans" to remove malware and "4: Use Data Recovery Software (MyRecover)" with steps to scan, preview, and recover lost files from a USB drive.
Files Copied to USB Drive Disappear? Lets Recover
Copied files to your USB drive, then they vanished? This issue is often caused by hidden files, unsafe ejection, corruption, or failing flash storage. This guide shows how to reveal hidden files, repair USB errors, and recover missing data safely before it gets overwritten. #usb #datarecovery
XanthusTechCore

XanthusTechCore

5 likes

The image shows a keyboard with a fingerprint icon, overlaid with "OUTSMART HACKERS" and "Secrets they don't want you to know," serving as the title for a guide on cybersecurity.
This image explains hackers use software to guess passwords and advises creating long passwords with a random mix of letters, numbers, and symbols to defend against such attacks.
The image warns that hackers try common passwords and advises users to defend themselves by avoiding easy words/phrases and not reusing passwords across different sites.
SECRETS Hackers DON’T Want You to Know!
After hackers got into my Facebook account and completely erased it, I dusted myself off and started a deep dive to understand why and how hackers work. The best way to protect yourself is to outsmart them. Here are 5 secrets Hackers DON'T want you to know! Share this with everyone! #lemon8pa
techgirljen

techgirljen

425 likes

⚠️ The Hidden Dangers of Public Wi-Fi Free Wi-Fi feels convenient, but it can be a trap. Hackers can create what’s called an “evil twin” network—a fake hotspot that looks legitimate. The moment you connect, they can access your data, passwords, banking info, and private messages. Listen
Dannah Eve

Dannah Eve

82 likes

Back Up Outlook Emails to an External Hard Drive
Need to back up your Outlook emails to an external hard drive? Here are 2 simple methods to help you out. Download AOMEI Backupper and give it a try! #backup #outlook #externalharddrive
SmoothTechie

SmoothTechie

1 like

🚨 16 Billion passwords leaked - the largest breach ever 🚨 Here is how it happened and what you can do to be safe. #news #databreach #cybersecuritytips #onlinesafety
Cybersecurity Girl

Cybersecurity Girl

130 likes

A 3D printed Baymax figure, made from rose gold/orange silky PLA, stands on a dark surface. It features black eyes and a shiny gold heart on its chest, showcasing a textured, knit-like appearance.
Baymax 3D Print!
Just a little colorful Baymax I printed for my wife. I used Matterhackers silky rose gold PLA for the body. #3dprinting #fyp #foryoupage #disney @
PrintsWithChris

PrintsWithChris

3 likes

#stitch with @Steve-O’s Wild Ride! Podcast & @Drew On Spotify | what do you think? 🤔 I suggest checking out @The Hacking Games to support your kids! 💥 #videogames #onlinesafety #parentinghacks #momsoftiktokover30
Fareedah | Protect Kids Online

Fareedah | Protect Kids Online

5 likes

This table makes my space feel bigger than it is—because it works harder than any piece of furniture I own 🛋️🪄 #AnywaysWood #spacehackers #tinyhomeideas #cleverfurniture #hometricks
Amy

Amy

0 likes

WARZONE HACKERS
Warzone is full hackers and call of duty does not care #warzone #hacker #memesdaily #memes🤣 #gaming
DUSTINMYRQ ™

DUSTINMYRQ ™

6 likes

The image shows a phone screen displaying a 'Creating...' message with text claiming entities are 'hackers, trackers and child predators.' It includes a person surrounded by swirling energy and mentions Lilith, Satan, and Ra as parasitic beings.
The image displays a list of AI prompt suggestions, including 'Make me best friends with the Grim Reaper drinking boba tea,' which is circled. Below, text questions why befriending the Grim Reaper (Satan) is acceptable.
The image features a person with swirling energy and text stating, 'Can't create videos of prominent figures. Try something else instead.' It questions when Satan, Lilith, and Ra became prominent figures, describing them as disembodied beings preying on teens.
YouTube made Satan/Lilith/Ra (Demon Spirits) Prominent Figures #teen YouTube
I claim my protected emotional, mental, emotional, and digital space. All energetic loosh and currency stays with me, not those who prey upon it. *"I do not give, offer, or forfeit my crown to the dark forces who oppose me."* Those who steal will, with crafted weaved intentions div
Energy Frequency & Magic

Energy Frequency & Magic

0 likes

Hackers are using tricks & steal financial info.🌸🍋
SECURITY TIPS: Be careful from hackers they use multiple different types of software and tricks to steal data from computers, cell phones or other devices to steal your data, financial information and personal details. When they hack via computer systems Showing they are from Microsoft Security Ale
Mujahid Bakht

Mujahid Bakht

6 likes

These Hackers on Marvel Rivals getting crazy!
#marvelrivals #twitchtv #followme #Hackers #marvelfunny
MisFit Miracles

MisFit Miracles

2 likes

A smartphone displays a message asking God to unblock it due to hackers. A patterned pad and colorful items are in the hazy background. The image includes Lemon8 branding and a username.
God, please unblock this android, hackers have in
Olga Ledbetter

Olga Ledbetter

37 likes

A message to Minecraft hackers…
You should join the server #minecraft #gaming #fyp
BendersMC

BendersMC

13 likes

Taco Tuesday 🤯 Admin Abuse ⁉️ #stealabrainrot #robloxstealabrainrot #roblox #neoskittles
NeoSkittles

NeoSkittles

6 likes

Bigfoot Super Hackers.
#manthoughts #hackers #laughoutloud #bigfootvlog #lifetips
Alien Hayes

Alien Hayes

13 likes

SEPT WRAP UP PT 1.
september had me in a CHOKEHOLD y'all 😮‍💨 i read so much i have to break this into TWO PARTS 😂😂 • 47 books read (don't play with me •) • 19 new authors • multiple favorites that little binge had me blowing right past my 200 book goal, so you know i had to bump it up to 250 from messy d
LEXI 💓

LEXI 💓

33 likes

I wanted a real project I could actually show, not just talk about. So I used Atoms ⚛️ Check it out here: https://tinyurl.com/3xzc8xbe It feels like having a whole AI team helping me: 🔍 they do the deep research first 🏁 then Race Mode builds different versions so I can compare 👥 I just pick
emilie.studygram

emilie.studygram

20 likes

BIG Holiday Costco Shop & Haul | Anchorage, Alaska
vanditsv

vanditsv

2 likes

A woman with dark hair and a light orange top smiles at the camera. The background features a wooden wall. Watermarks for Lemon8 and TikTok Lite with the username @angelawrivers are visible.
Hackers are using Google.com to deliver malware
Hackers are using Google.com to deliver malware by bypassing antivirus software and here is how to stay safe https://www.msn.com/en-us/news/technology/hackers-are-using-google-com-to-deliver-malware-by-bypassing-antivirus-software-here-s-how-to-stay-safe/ar-AA1GIDSi?ocid=sapphireappshare #hackers
angela1957

angela1957

0 likes

#yungblud
watch4hackers

watch4hackers

10 likes

warzone hackers be mad little babies
#cod #ps5 #gamergirl #warzone #fuckhackers
Twilightvile

Twilightvile

2 likes

A woman wearing a black outfit and a large pearl necklace smiles while sitting in a room with rows of green chairs. Other individuals are visible in the background. The image features Lemon8 branding with the username @angelawrivers.
Hackers hijacked antivirus features to install mal
Hackers hijacked antivirus features to install malware - here's what we know https://www.yahoo.com/tech/cybersecurity/articles/hackers-hijacked-antivirus-features-install-140500891.html #hackers #malware #cybersecurity #antivirus
angela1957

angela1957

1 like

Kalebdavis19

Kalebdavis19

1 like

Prayers for Jamaica 🇯🇲 — opening Hacker’s Slumber,
Cousin B

Cousin B

0 likes

📍USB Write Protected? Fix It Instantly
Seeing “The disk is write-protected” error on your USB drive? This quick guide shows how to remove write protection and regain full access to your files. Learn how to check the physical lock switch, use DiskPart commands, repair file system errors, and fix registry issues step by step. Many cases a
XanthusTechCore

XanthusTechCore

5 likes

Look world just locked my new Facebook account right now cause I'm showing complaints and legal paperwork I'm filling right now Look world at 2:00 am am Jamie Winfield and Tracy Winfield and Dre Washington and Randy Tappin and Christopher Thirdkill and IT drinking and smoking and using drug
glentrump359

glentrump359

0 likes

PSA PSA PSA ‼️ #fyp #hackers #facebook #scammers #viral
Kay’s House ✨

Kay’s House ✨

2 likes

Nice one boys
#cod #callofdutyp #codapartments #pvp #ashika #finalexfil #ashikapowerplant #almazrah #talkingshit #squad #dmz #gamer #sniper #headshot #longrange #headbussa #letthebodieshitthefloor #proxie #closecombat #closecombatfight #talkingshit #kamikazi #nomercy #nolovelost #groundhack #rocke
TheAuditor

TheAuditor

1 like

If you have the Samsung, you need to watch this and update your phone immediately 
Cybersecurity Girl

Cybersecurity Girl

49 likes

A phone screen displays eSIM settings, showing an active AT&T eSIM with a phone number, an option to add a new eSIM, and primary SIM settings.
The title of an article, 'What Can Someone Do With Your SIM Card? (How To Secure It)', published on February 8, 2024, with author details.
Text discussing the risks of a stolen SIM card, including an example of $68,000 stolen via a SIM swap, and noting the rise in SIM card attacks.
my physical sim card from my original AT&T smartphone has been stolen out of my Samsung Galaxy Fold7
Dougintime

Dougintime

5 likes

A black Guest Internet GIS-R10 Internet Hotspot Gateway device is shown with multiple WAN and LAN ports, set against a blurred city night background. It's designed for enterprise-level Wi-Fi hotspots.
🛡️ The GIS-R10 Controller — Enterprise-Level Power
🚀 The perfect hotspot solution for internet speeds of 400 Mbps! Designed for medium to large hospitality businesses like hotels, resorts, campgrounds, RV parks, marinas, and more, the GIS-R10 makes it easy to provide WiFi access as a complimentary service or a paid option. 🏨🌴🚐⚓ ✨ Why business
Guest Internet

Guest Internet

0 likes

A retail display of various TCG products including Pokemon, One Piece, Magic: The Gathering, and Yu-Gi-Oh!, alongside Nintendo video games and card accessories like binders and toploaders.
A store counter showcasing a wide array of trading card game booster packs, including One Piece, Magic: The Gathering, FIFA, and other popular TCGs, along with various card game accessories.
A detailed view of a store display featuring numerous trading card game booster packs, including Magic: The Gathering "Modern Horizons" and "Foundations," "Avatar" play boosters, and "One Piece" card game packs.
Tcg
#TCG available at @brooklynvideogames . #Pokemon #OnePiece #MTG #Yugioh and more…
ArcadeBrooklyn

ArcadeBrooklyn

3 likes

A hooded figure types on a keyboard, surrounded by holographic screens displaying global data and code, with the text overlay "How to become Cyber Security" highlighting the article's focus.
A detailed flowchart illustrates the career path to becoming a cybersecurity professional, from high school studies and university degrees to various certifications, entry-level IT jobs, and specialized cybersecurity roles.
This image outlines essential foundational skills for aspiring cybersecurity professionals, including mathematics (logic, statistics), computer basics (operating systems, hardware), and programming languages like Python, C/C++, and JavaScript.
#cybersecurity #studying #studytok #studywithme #BackToSchool
study with me 📚

study with me 📚

27 likes

Hackers
How call of duty has me #call of duty #hacker #warzone
Stevie_Wonders

Stevie_Wonders

1 like

10 things I NO LONGER do as a CYBERSECURITY EXPERT 1. Hand out my real birthday, name, phone number etc online 2. Create online accounts I don’t need 3. Post vacation pics while I’m still away 4. Believe free Wi-Fi or apps is actually free 5. Save my logins in Notes or browsers 6. Use my mom’
Cybersecurity Girl

Cybersecurity Girl

6 likes

Replying to @Red what parts or the dark web live in your brain rent free? #scarystories #horror #eductional #darkweb
Liz Cooper🦋

Liz Cooper🦋

43 likes

WARNING: DO NOT SEND/RECEIVE/ BUY/SELL
WARNING: DO NOT SEND/RECEIVE/ BUY/SELL/CONVERT ANY CRYPTO RIGHT NOW There is a currently a major attack spreading through the crypto ecosystem that can change the addresses you're sending to. Hackers are secretly rerouting funds to their wallet instead of your destination. Get your money off
Apefaced Alpha

Apefaced Alpha

0 likes

Don’t Use Airport USB Chargers!
TSA is now advising NOT to use Airport USB Chargers. Bring your own USB charging bricks. "Hackers can install malware at USB ports (we’ve been told that’s called 'juice/port jacking'). So, when you’re at an airport do not plug your phone directly into a USB port. Bring your TSA-compl
Destination & Travel Junkies

Destination & Travel Junkies

152 likes

You shouldn’t be worried about the hackers, you should be worried about your settings. Check out ThreatLocker DAC today #ad #cybersecurity
Cybersecurity Girl

Cybersecurity Girl

25 likes

Hackers Be Like:
#fypage
AidenIsMyself

AidenIsMyself

0 likes

Marley Scotch

Marley Scotch

0 likes

Ban Hackers
Vinicius Jr 🇧🇷 #fcmobile #eafcmobile #fifamobile #fcmobile25 #eafc
manuelofficial_13

manuelofficial_13

1 like

Unable to Initialize Hard Drive? Fix it Now
Find out how you can fix this issue and initialize your hard drive with ease using Partition Assistant, ensuring no data is lost during the process. #hdd #fix #repair #disk
SmoothTechie

SmoothTechie

0 likes

Repost my freedom of speech constitutional rights and laws and my federal complaints they removed Morehouse parish sheriff department officers and Mike Stone Tubbs and hackers and Elon Musk and Donald Trump and Mark Zuckerberg showing favoritism and discriminate against Glen Nickolas Akins this is
glentrump359

glentrump359

1 like

Look world on all my Instagram accounts right now for 7 days rejecting all my reels and posts and won't let me share my posts Elon Musk and Donald Trump and Morehouse parish sheriff department officers and Mike Stone Tubbs and hackers showing favoritism and discriminate against Glen Nickolas Ak
glentrump359

glentrump359

0 likes

Chinese Hackers Breach U.S. Treasury
#cybersecurity #cyberattack #ustreasury #janetyellen
Her Tidings

Her Tidings

0 likes

me rocking the shades yesterday at my day group ☺️
Øg Hackers Dèmøn

Øg Hackers Dèmøn

1 like

Amen thanks Father God Jesus Christ God evening word and prayer devil's I rebuke you your childrens Morehouse parish sheriff department officers and Mike Stone Tubbs and hackers and Elon Musk and Donald Trump and Mark Zuckerberg and Randy Tappin and Christopher Thirdkill and IT and their countr
glentrump359

glentrump359

0 likes

I'm finna to go filing some more federal complaints on y'all right now Look world on TikTok right now removing my freedom of speech constitutional rights and sound on my legal paperwork and complaints Look world on Lemon8 app right now removing my legal paperwork complaints and freedom of
glentrump359

glentrump359

1 like

Amen thanks Father God Jesus Christ God morning word and prayer devil's I rebuke you your childrens Morehouse parish sheriff department officers and Mike Stone Tubbs and hackers and Elon Musk and Donald Trump and Mark Zuckerberg and Randy Tappin and Christopher Thirdkill and IT and their countr
glentrump359

glentrump359

0 likes

An infographic titled "7 CYBERSECURITY BASICS" featuring a cartoon girl and a robot with a laptop. It explains cybersecurity, common online threats like phishing and malware, and smart habits such as strong passwords and 2FA. It also provides tips for protecting information and what to do if something goes wrong, emphasizing that cybersecurity is for everyone.
Basic IT Knowledge: Cybersecurity Basics
🔒 BASIC IT KNOWLEDGE: CYBERSECURITY BASICS 🔒 You lock your front door. You protect your wallet. So why wouldn’t you protect your digital life too? 👀 Cybersecurity is all about protecting your devices, accounts, and personal information from online threats. That means staying safe fro
ITwDee

ITwDee

3 likes

See more