In a recent bulletin from Broadcom, researchers unveil a concerning new cyber campaign dubbed SteganoAmor by threat actor TA558. This campaign
employs sophisticated steganography techniques, concealing malicious code within innocent-looking JPG images by hiding messages or data within non-secret or digital media, such as images or audio files.

According to the bulletin, the attack starts with an email attachment, typically an Excel or Word file, exploiting an old patched vulnerability (CVE-2017-11882) in the Office equation editor. Upon execution, the exploit code initiates the download of a seemingly harmless JPEG file containing hidden PowerShell script code. Once executed, this code triggers the download and execution of additional malware, enabling attackers to steal credentials, data,
and even gain remote access.

To evade detection, attackers utilize hacked FTP servers and legitimate cloud storage services for command and control, reaching over 320 targets globally.

This campaign underscores the evolving sophistication of cyber threats and
the importance of staying vigilant against emerging attack vectors.