A threat group known as “Worok” conceals spyware within PNG graphics to silently infect victims’ computers with information-stealing malware. Researchers at Avast, who built on the discoveries of ESET, have verified this.
Early in September 2022, the first person to notice and report on Worok’s activity. Worok targeted high-profile victims, including as governments in the Middle East, Southeast Asia, and South Africa, according to ESET’s warning, although these targets had limited visibility into the attack chain of the gang.