A new malware from the Worok group has been spotted in the network prairies. And attackers hide it in PNG files using steganography. Small chunks of malicious code are written to the smallest significant bits of the image pixels. Later, they are delivered and assembled on the victim’s machine using the dll-ok CLRLoader and PNGLoader, respectively.
As a load, they have an obscure PowerShell script and a custom C# infostiler with a Dropbox as a C2 server. The malware is exclusive, and the targets of the grouping are the state structures of the Middle East, North America and Southeast Asia. So, apparently, Chinese spies are secretly working.