OceanLotus Steganography Malware Analysis White Paper

BlackBerry Cylance recently uncovered a novel malware payload loader during our ongoing surveillance of the OceanLotus (APT32) group. The loader uses steganography to read an encrypted payload concealed within a .png image file. Download the OceanLotus Steganography Malware Analysis white paper for further details on how this APT:

  • Utilizes a steganography algorithm to minimize visual differences between clean and infected images
  • Uses an obfuscated loader to load one of the APT’s favored backdoors, often Denes or Remy
  • Invests in bespoke tooling, and what their continued focus on this area may mean
  • Obfuscates their malware by imitating well-known DLLs
  • Implements multiple anti-analysis checks into their loaders

The OceanLotus Steganography Malware Analysis white paper offers an in-depth look at two concerning technical achievements recently employed by this APT. It is a must-read for professionals wishing to stay informed of the latest tactics and tools implemented by global threat groups.
