Worok hackers hide new malware in PNGs, while ARCrypter ransomware expands reach from Latam to world

Two reports related to malware:

Bill Toulas reports:

A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms.

This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity in early September 2022.

Read more at Bleeping Computer.

Meanwhile, researchers at BlackBerry report:

On August 25, 2022, Chile’s government computer systems were attacked by a previously unseen ransomware variant. CSIRT of Chile’s government published a report which contained some Indicators of Compromise (IoCs) and recommendations for prevention measures.

On October 3, 2022, Invima — The Colombia National Food and Drug Surveillance Institute — reported a cyberattack that led to a temporary shutdown of the organization’s web services.

Through our threat hunting efforts, BlackBerry has identified additional samples of interest for this ransomware. Given the timeframe of the attack and the contents of the ransom note mentioning Invima, we believe with a high degree of certainty that this ransomware was used in the Invima cyberattack that took place in early October.

Based on the unique strings identified during the analysis, we have named this unknown ransomware variant “ARCrypter.”

Read more at BlackBerry’s Blog.


About the author: Dissent
