Slow Mist: hacker group APT37 hides malicious software in JPEG image files to launch attacks

According to a Genians article cited by 23pds, Chief Information Security Officer of SlowMist, the North Korean hacker group APT37 has hidden malicious software in JPEG image files to launch attacks. The malware uses a two-stage encrypted shellcode injection method to hinder analysis, where attackers exploit shortcut files with a. lnk extension and embed CMD or PowerShell commands to execute the attack. Efficient EDR monitoring optimized for detecting abnormal endpoint behavior is now crucial.