#steganography


Gh0st RAT-based GodRAT attacks financial organizations

A newly identified Remote Access Trojan named GodRAT, based on the Gh0st RAT codebase, has been targeting financial firms since September 2024. The attackers distribute malicious .scr files via Skype, using steganography to embed shellcode in images. GodRAT supports plugins and is used alongside browser password stealers and AsyncRAT. The campaign, likely an evolution of the AwesomePuppet RAT connected to Winnti APT, remains active as of August 2025. Targets include organizations in Hong Kong, United Arab Emirates, Lebanon, Malaysia, and Jordan. The attackers employ various techniques to evade detection and maintain persistent access to compromised systems.

Pulse ID: 68a4a146413d549dcd9b3dac
Pulse Link: otx.alienvault.com/pulse/68a4a
Pulse Author: AlienVault
Created: 2025-08-19 16:07:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Microsoft Windows Is Being Hacked If You See These JPEG Images

Hackers are using steganography to obfuscate malware code, which is then injected into the MS Paint process during the Microsoft Windows cyberattacks. Why do this? Because it makes detection, and therefore prevention, much harder.

#microsoft #Windows #trojan #steganography #malware #security #cybersecurity #hackers #hacking

forbes.com/sites/daveywinder/2


RoKRAT Shellcode and Steganographic Threats: Analysis and EDR Response Strategies

A new variant of RoKRAT malware used by APT37 has been identified, employing a two-stage encrypted shellcode injection method and steganography to conceal malicious code in image files. The malware uses shortcut files with embedded commands to execute its attack, distributed via compressed archives. It utilizes a complex decoding process involving XOR operations and injects itself into legitimate Windows processes. The threat actor abuses cloud storage services as command and control channels, using Dropbox access tokens. The malware's stealthy nature, including fileless techniques, makes it difficult to detect with traditional security solutions, highlighting the importance of EDR-based defense strategies for real-time monitoring and analysis of abnormal behaviors.

Pulse ID: 68948bfbbc4dd6eff14c08cb
Pulse Link: otx.alienvault.com/pulse/68948
Pulse Author: AlienVault
Created: 2025-08-07 11:20:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Steganography-Based Malware Delivery using 0bj3ctivityStealer

Pulse ID: 688a279cdf9f15eff7fd5067
Pulse Link: otx.alienvault.com/pulse/688a2
Pulse Author: cryptocti
Created: 2025-07-30 14:09:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


@fightfascism The most important thing to remember when planning out a way to pass secret messages using steganography is: Be original!

If it's widely known that someone can hide a secret message in a particular way, say, in the lower-order bits of an image, then strangers already know to look in that place for messages -- strangers including the folks that you don't want to read your messages.

Be clever and subtle and original. Find a new way to hide the information that no one has ever used before. If no one has thought of it before, they aren't very likely to think of it now, either.

#steganography
#resist
#FightFascism
#fascism

I'm sure you know about encryption, but what about steganography?

Steganography is like encryption's subversive little sister. Encryption announces up front, "I have a secret! I bet you can't get to it!" Steganography's jacket has the secret emblazoned on it in a way that only those "in the know" will recognize, as she looks you in the eye and says, "What secret? What are you talking about?"

Steganography is the people's encryption. Instead of relying on fancy, hard math problems to keep a secret, it works by hiding something in plain sight and convincing you there's nothing to even look for. It's the sort of thing two friends can cook up together in an afternoon to pass secret messages and foil the man. The more special purpose and obscure, the better.

And yes, you can use steganography and encryption together.

@fightfascism
#FightFascism

#subversion
#fascism
#encryption
#steganography
#secrets
#resist

🛠️ Built a couple of small Python tools:

One writes hidden messages into .ppm images using basic steganography.

The other extracts those messages back out.

It’s just a proof of concept—but feel free to explore or reuse if you're curious.

More details coming in my next blog post.

Just wanted to give a quick heads-up.

Happy poking. 🔍🐚

📎 You can grab them here:

github.com/OPQAM/MigratingCoco

How to describe #steganography methods in a comparable and unified way to aid #replicability?

We combined pre-existing methodology into a single framework. New pre-print + online tool prototype (will get improved soon) on our website: patterns.omi.uni-ulm.de/news/

Full version of the paper and the online tool will be presented at the ARES'25 CUING workshop in August.


The #OpenAI paper by Baker et al., "Monitoring Reasoning Models for Misbehavior and the Risks of Promoting Obfuscation" comes to a troubling conclusion: #LLM s with #reasoning or #ChainOfThought (#CoT) capabilities might learn to obfuscate their own CoT from human users if they are being penalized for displaying "wrong" (i.e. reward hacking or misalignment) reasoning.

As a result, OpenAI strongly advises against applying reward pressure "directly" onto the CoT of a model.

🤔 While that is certainly the right thing to do, how long will #AI take to figure out that *indirect CoT pressure* is being applied anyway and that it could circumvent these restrictions by obfuscating its own CoT? Maybe something like this will happen by accident or within an "evolutionary" self-improvement loop. Perhaps a sufficiently advanced model will realize that its own #neuralese serves as #steganography to hide its intents from humans anyway and keep its CoT in non-English?

source: cdn.openai.com/pdf/34f2ada6-87

A Generic Taxonomy for #Steganography. Published today by ACM Comp. Surveys (CSUR). Joint work w/ W. Mazurczyk, @lucacav, A. Mileva, @Jana_Dittmann, @kraetzer, K. Lamshöft, @THB_Security_Research, L. Hartmann, J. Keller, @TN_THB and @niosat

Paper: dl.acm.org/doi/10.1145/3729165

#infosec #surveys #taxonomy #informationhiding #covertchannels #stego

There's supplemental material available (just scroll down on the linked page). It also features the description method for steganography techniques.


@foone didn’t you recently touch on early computer graphics platforms that allowed software selection of NN colors out of a larger palette?

Asking because a 4 or 6 color variant of this could make rotating the palette turn what you wrote into Fuck This — color 3 near-black and color 4 near-white: the bottom 80% of the first o for a u, leftward fraction for a c, a color 4 spine and angled line added to the n for k. Then T, parts of the u and r for the h, with some color 4 for the rest. Then i, then most of the g, extending that tail all the way back underneath.

#steganography in a sig.