Originally reported by Hackread
TL;DR
Three separate stories: two campaigns using steganography to hide malware (XWorm 7.2 inside JPEG images attached to Excel files, and Pulsar RAT inside PNG files in typosquatted NPM packages), plus research describing critical password manager vulnerabilities.
Multiple active malware campaigns are using steganographic techniques to evade detection, reaching both individual users and enterprise systems through phishing and software supply chain vectors.
A sophisticated phishing campaign is distributing XWorm 7.2 malware by embedding it within JPEG images attached to malicious Excel files. The attack chain begins with weaponized Excel documents that exploit Microsoft Office vulnerabilities to extract and execute the hidden payload.
Once deployed, XWorm 7.2 employs process hollowing techniques to inject itself into legitimate Windows processes, effectively evading endpoint detection systems. The malware implements AES encryption to secure its command and control communications while harvesting stored passwords, Wi-Fi credentials, and other sensitive data from infected systems.
The steganographic approach lets the malicious payload bypass traditional file-based security scanning, because the JPEG images appear benign to security tools that rely on static analysis of file type and content.
Security researchers have identified 27 distinct attack vectors against major password management platforms, revealing fundamental design flaws that could compromise encrypted vault integrity. The demonstrated attacks exploit scenarios where password manager servers become compromised or where implementation weaknesses allow unauthorized access to supposedly secure vault data.
While specific vendor names and technical details were not disclosed in the available reporting, the research highlights critical gaps in how password managers handle server-side security and vault encryption protocols. These vulnerabilities could potentially expose user credentials even when vaults are properly encrypted with strong master passwords.
The findings underscore the importance of zero-knowledge architecture in password management solutions and the risks associated with cloud-based vault storage models.
Veracode researchers have uncovered a typosquatting campaign targeting the NPM ecosystem, where attackers distribute Pulsar RAT malware concealed within PNG image files. The attack leverages package name confusion to trick developers into installing malicious dependencies that appear legitimate.
The steganographic technique embeds the RAT payload within PNG image data, allowing it to bypass Windows Defender and other endpoint security solutions that typically scan executable files but may not deeply inspect image formats. Once extracted, Pulsar RAT establishes persistent access to developer workstations and build environments.
This supply chain attack demonstrates the increasing sophistication of threats targeting software development workflows, where compromised developer systems can serve as stepping stones to broader organizational networks.