top of page
  • Admin

What's Hiding In That .BMP Image? Lazarus Hacking Group Knows

Published: October 14, 2021 on our newsletter Security Fraud News & Alerts Newsletter.

Harmless images we see every day online, including as attachments in our emails, may not be so harmless after all. According to Malwarebytes, long time threat actor Lazarus group is now cleverly embedding malware in image files that escape detection by anti-virus software. Lazarus APT (advanced persistent threat) group is thought to be one of the most notorious and sophisticated cybercrime organizations in the world today.

Backed by North Korea since their inception in 2009, this nation-state sponsored group is famous for their hacks against Sony Pictures and the devastating WannaCry ransomware attacks that helped put Lazarus on the map. That map includes the U.S. and Japan as favorite targets on their To-Do List, along with dozens of other countries that could all be subjected to the whims of their Supreme Leader and sponsor, Kim Jong Un.

Adding an Image File-Type

Hiding malware in images isn’t a new tactic, and neither is attaching them to phishing emails. For this latest campaign, the group uses spear phishing emails which are highly targeted to specific individuals. This time, Lazarus group added another file type that expands the known files used to deliver malware. Previously, only files like .exe, .doc, and .zip were able to carry and inject viruses onto a system when the file is opened. Lazarus has now expanded its capability to include .bmp image files in their arsenal. These Bitmap Image files (.bmp) store digital images and are easily opened by multiple platforms such as Mac and Microsoft Windows. Most any device can open a .bmp image file – including those from Lazarus.

Evading Anti-Virus Security

For Lazarus group, including a common file type as a new weapon of choice isn’t where this attack stops. The attached .bmp image files carrying the imbedded malware payload are successful at evading anti-virus security checks for malicious documents. Even worse, the .bmp image files also evade anti-virus methods specifically designed to detect embedded objects in images. That’s not good for anyone but Lazarus group.

Awareness is Cyber-Smart

Takeaways for the everyday user about this latest .bmp addition is something we should all be aware of. In the past, bad actors hid malware in files we already knew to be suspect. No one but Lazarus group expected to see .bmp image files added to their hacking arsenal. It’s now necessary to approach .bmp image files with the cyber-smart skepticism they deserve as potential carriers of malware image attachments. However, since these files are attached to phishing emails, keeping a look-out for the red flags of email phishing can help keep these sneaky attachments where they belong – unopened.

Want to schedule a conversation? Please email us at

6 views0 comments


bottom of page