New alleged MuddyWater attack downloads a PowerShell script from GitHub

From securityaffairs.co

[Image: macros load PowerShell]

A security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub.

A security expert discovered a new piece of malware that uses weaponized Word documents to download a PowerShell script from GitHub.

This PowerShell script is also used by threat actors to download a legitimate image file from image hosting service Imgur and decode an embedded Cobalt Strike script to target Windows systems.

The researcher Arkbird published technical details of the malware that uses steganography to hide the malicious code in the image.
