OceanLotus Steganography Malware Analysis White Paper

BlackBerry Cylance recently uncovered a novel malware payload loader during our ongoing surveillance of the OceanLotus (APT32) group. The loader uses steganography to read an encrypted payload concealed within a .png image file. Download the OceanLotus Steganography Malware Analysis white paper for further details on how this APT:

  • Utilizes a steganography algorithm to minimize visual differences between clean and infected images
  • Uses an obfuscated loader to load one of the APT’s favored backdoors, often Denes or Remy
  • Invests in bespoke tooling, and what their continued focus on this area may mean
  • Obfuscates their malware by imitating well-known DLLs
  • Implements multiple anti-analysis checks into their loaders

The OceanLotus Steganography Malware Analysis white paper offers an in-depth look at two concerning technical achievements recently employed by this APT. It is a must-read for professionals wishing to stay informed of the latest tactics and tools implemented by global threat groups.

Download the Report


