Steganography leveraged in new global TA558 attack campaign

More than 320 organizations across various sectors worldwide, most of them in Latin America, have been targeted by the new SteganoAmor attack campaign from the TA558 hacking operation, which uses steganography to deliver various malicious payloads, according to BleepingComputer.

Malicious emails carry Word and Excel files that exploit the old Microsoft Office Equation Editor vulnerability, tracked as CVE-2017-11882, on systems running old iterations of Microsoft Office. Exploitation installs a Visual Basic Script that retrieves an image with a reversed base64-encoded executable within a text file, a report from Positive Technologies revealed.

Aside from deploying the LokiBot and Formbook information-stealing malware strains, attacks in the campaign also delivered the Agent Tesla spyware, Remcos malware, XWorm remote access trojan, Snake Keylogger, and Guloader malware downloader, which are fetched from Google Drive and other legitimate cloud services in a bid to bypass antivirus detection.
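
For defenders triaging downloaded text files, the "reversed base64-encoded executable" staging described above can be checked for directly. The following is an added example, not code from the article or from the Positive Technologies report: it scans text for base64 runs, decodes each one both forward and reversed, and reports those that yield a valid PE header. The 64-character run threshold, the function names and the sample stub are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import struct

# Runs of base64 alphabet long enough to hold a PE header (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/=]{64,}")


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def try_decode(candidate: str):
    """Strict base64 decode; returns None for malformed input."""
    try:
        return base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_encoded_pe(text: str):
    """Return (offset, orientation, decoded_size) for each run that decodes to a PE."""
    hits = []
    for match in B64_RUN.finditer(text):
        run = match.group(0)
        for orientation, candidate in (("forward", run), ("reversed", run[::-1])):
            decoded = try_decode(candidate)
            if decoded is not None and looks_like_pe(decoded):
                hits.append((match.start(), orientation, len(decoded)))
    return hits


def constructed_sample(reverse: bool = True) -> str:
    """Constructed text file (not a real sample) holding a 128-byte PE header stub."""
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    encoded = base64.b64encode(bytes(stub)).decode()
    return "constructed test file\n" + (encoded[::-1] if reverse else encoded) + "\nend\n"


if __name__ == "__main__":
    print(find_encoded_pe(constructed_sample()))
```

A "reversed" hit in a file fetched by a script interpreter is worth escalating, since the reversal serves no purpose other than hiding the executable from content inspection that looks for the usual base64 form.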
