
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

2024-04-16 13:39:00 UTC

Hackers belonging to the group TA558 have been using steganography to launch large-scale malware attacks. This technique involves hiding malicious code within images to deliver various types of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm. The group used steganography by sending VBS scripts, PowerShell code, and RTF documents with embedded exploits.
