More than 320 organizations in various sectors around the world, most of which are in Latin America, have been subjected to the new SteganoAmor attack campaign by the TA558 hacking operation that involved the use of steganography to enable the delivery of various malicious payloads, according to BleepingComputer.
Malicious emails carrying Word and Excel files that exploit the old Microsoft Office Equation Editor vulnerability, tracked as CVE-2017-11882, facilitate the installation of a Visual Basic Script on systems running old versions of Microsoft Office; the script would then retrieve an image with a reversed base64-encoded executable within a text file, a report from Positive Technologies revealed.
Aside from deploying the LokiBot and Formbook information-stealing malware strains, attacks in the campaign also delivered the Agent Tesla spyware, Remcos malware, XWorm remote access trojan, Snake Keylogger, and Guloader malware downloader, which are fetched from Google Drive and other legitimate cloud services in a bid to bypass antivirus detection.
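For defenders triaging downloaded text files, the reversed base64-encoded executable described above can be flagged by decoding each long base64 run both as stored and reversed, then checking for a valid PE header. The following Python sketch is an added example, not code from the Positive Technologies report or BleepingComputer; the function names, the 64-character minimum run length, and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import re
import struct
from typing import NamedTuple

# A run of base64 characters, with padding allowed at either end because a
# reversed string carries its "=" padding at the front. 64 is an assumed floor.
B64_RUN = re.compile(rb"={0,2}[A-Za-z0-9+/]{64,}={0,2}")

class Hit(NamedTuple):
    offset: int        # where the run starts in the scanned bytes
    orientation: str   # "forward" or "reversed"
    size: int          # decoded payload size in bytes

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def _decode(body: bytes) -> bytes:
    """Re-pad and strictly decode; return empty bytes if not valid base64."""
    try:
        return base64.b64decode(body + b"=" * (-len(body) % 4), validate=True)
    except binascii.Error:
        return b""

def find_encoded_pe(blob: bytes) -> list[Hit]:
    """Report base64 runs that decode to a PE image, as stored or reversed."""
    hits = []
    for m in B64_RUN.finditer(blob):
        body = m.group().strip(b"=")
        for orientation, cand in (("forward", body), ("reversed", body[::-1])):
            decoded = _decode(cand)
            if is_pe(decoded):
                hits.append(Hit(m.start(), orientation, len(decoded)))
    return hits

# Constructed sample: a 98-byte header-only stub (not a working program),
# base64-encoded, reversed, and placed in a text file between other lines.
STUB = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(30)
SAMPLE = b"constructed sample\n" + base64.b64encode(STUB)[::-1] + b"\nend\n"

if __name__ == "__main__":
    for hit in find_encoded_pe(SAMPLE):
        print(hit)
```

A "reversed" hit in a file served as text or as an image is a strong triage signal, since legitimate content rarely stores a PE image in that form.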