Hacker organization APT37 uses JPEG files to hide malware and launch attacks
According to news from HashiChain, the Chief Information Security Officer of Slow Fog revealed that the North Korean-linked hacker organization APT37 has hidden malware inside JPEG image files to carry out attacks. The malware uses a two-stage encrypted shellcode injection technique to hinder analysis, and the attackers deliver it through Windows shortcut files (.lnk extension) that embed cmd or PowerShell commands to execute the attack. Effective EDR monitoring tuned to detect abnormal endpoint behavior is therefore now crucial.
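As an added defensive triage example (not code from the report, Slow Fog or HashiChain), the script below flags the two artifacts the news item names: JPEG files carrying extra bytes after the End-Of-Image marker, and .lnk files whose strings reference a command interpreter. The appended-after-EOI check is an assumption about one common way to hide a payload in an image; the report does not state which hiding method APT37 used, and the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not real samples from the report).
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0" + b"\x00" * 16 + JPEG_EOI
# Assumed hiding technique: a payload appended after the EOI marker.
TRAILING_JPEG = CLEAN_JPEG + b"MZ\x90\x00\x03" + b"\x00" * 32

# Minimal .lnk prefix: HeaderSize 0x4C followed by the ShellLink CLSID.
LNK_MAGIC = (b"L\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00"
             b"\xc0\x00\x00\x00\x00\x00\x00\x46")
BENIGN_LNK = LNK_MAGIC + "C:\\Users\\demo\\report.docx".encode("utf-16-le")
SUSPICIOUS_LNK = LNK_MAGIC + "powershell -w hidden -enc AAAA".encode("utf-16-le")

# Interpreters that a document-looking shortcut has no business launching.
SUSPICIOUS_CMDS = re.compile(rb"(powershell|cmd\.exe|mshta|rundll32)", re.IGNORECASE)


def jpeg_trailing_bytes(data: bytes) -> int:
    """Bytes after the last EOI marker; 0 if none or if the data is not a JPEG.
    Tune a threshold in production: a few bytes of padding are common, a
    large trailer is worth a second look."""
    if not data.startswith(JPEG_SOI):
        return 0
    eoi = data.rfind(JPEG_EOI)
    if eoi == -1:
        return 0
    return len(data) - (eoi + 2)


def lnk_embedded_commands(data: bytes) -> list:
    """Sorted interpreter names found in a .lnk, scanning both the raw bytes
    (ASCII strings) and a UTF-16LE decode (the encoding .lnk uses for its
    command-line and target fields)."""
    if not data.startswith(LNK_MAGIC):
        return []
    wide = data.decode("utf-16-le", errors="ignore").encode("ascii", errors="ignore")
    found = set()
    for view in (data, wide):
        for match in SUSPICIOUS_CMDS.finditer(view):
            found.add(match.group(1).decode().lower())
    return sorted(found)


def triage(name: str, data: bytes) -> list:
    """Return human-readable findings for one file (empty list means clean)."""
    findings = []
    trailer = jpeg_trailing_bytes(data)
    if trailer:
        findings.append(f"{name}: {trailer} bytes after JPEG EOI marker")
    cmds = lnk_embedded_commands(data)
    if cmds:
        findings.append(f"{name}: .lnk references {', '.join(cmds)}")
    return findings
```

Running `triage` over a mail attachment or download directory and forwarding the findings to the EDR pipeline gives a cheap first filter before behavioral detection takes over.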