"TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks"

The threat actor known as "TA558" has been using steganography as an obfuscation method in the delivery of a variety of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, XWorm, and more. Positive Technologies reported that the group used steganography extensively, sending VBS scripts, PowerShell code, and RTF documents containing an embedded exploit, all hidden inside images and text files. The campaign has been dubbed "SteganoAmor" due to its use of steganography and its choice of file names. Most of the attacks have targeted the industrial, services, public, electric power, and construction sectors in Latin American countries. The campaign has also targeted companies in Russia, Romania, and Turkey. This article continues to discuss findings regarding TA558's SteganoAmor campaign.

THN reports "TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks"

Submitted by grigby1
