When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The campaign, dubbed SteganoArmor, was discovered by researchers from Positive Technologies.
For those unfamiliar with steganography, its a technique of hiding data inside benign files.
(Image credit: Shutterstock)
Hackers use it to hidemalwarein JPG and similar files, and thus bypass email security solutions.
These files exploit a seven-year-old flaw tracked as CVE-2017-1182.
This script will download a JPG file holding a base-64 encoded payload.
The majority of these are infostealers, with a few RATs and stage-two downloaders.
So far, more than 320 attacks were discovered.
Defending against this attack is relatively easy.
Also, they could patch their Office suite to prevent the malware from exploiting CVE-2017-1182.
The patch for this vulnerability has been around for more than half a decade.
TA558 has been around for almost a decade, mostly targeting organizations in the hospitality and tourism industries.
ViaBleepingComputer
