A new strain of malware uses Word documents with macros to fetch a PowerShell script hosted on GitHub. Several researchers have tentatively attributed the campaign to MuddyWater, a state-sponsored advanced persistent threat (APT) group first observed in 2017. The malware is evasive: it assembles its final payload in several stages to slip past detection. Hiding code, secret data, or a malicious payload inside an ordinary file such as an image is known as steganography. Here the PowerShell script downloads a PNG image from Imgur and runs a foreach loop over a set of its pixel values, applying specific arithmetic to each one to reconstruct the hidden payload byte by byte; the decoded result is described as functional ASCII commands, and the final stage is a Cobalt Strike payload.
Source: https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/
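The following is an added example, not the malware's PowerShell script or any code from the article. It shows the mechanism the summary describes: a payload hidden in pixel values of a PNG and recovered by looping over the pixels and doing arithmetic on each one. The encoding scheme (one byte per pixel, split across the low nibbles of the red and green channels, with a 2-byte length prefix) is an assumption chosen for illustration and is not the scheme the real script uses; the payload is a constructed marker string, not shellcode. The PNG writer and reader are minimal (8-bit RGB, filter type 0, no interlace) so the example runs offline with only the standard library.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(tag: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, tag, data, CRC32 over tag+data."""
    body = tag + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def write_png(pixels, width: int, height: int) -> bytes:
    """Encode a list of (r, g, b) tuples as an 8-bit RGB PNG, filter type 0 on every row."""
    rows = []
    for y in range(height):
        row = pixels[y * width:(y + 1) * width]
        rows.append(b"\x00" + bytes(ch for px in row for ch in px))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"".join(rows))) + _chunk(b"IEND", b"")


def read_png(data: bytes):
    """Parse the chunk stream of an 8-bit RGB, non-interlaced, filter-0 PNG back into pixels."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", None, None
    while pos < len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length + tag + data + crc
        if tag == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            if depth != 8 or ctype != 2:
                raise ValueError("only 8-bit RGB supported")
        elif tag == b"IDAT":
            idat += body
        elif tag == b"IEND":
            break
    raw = zlib.decompress(idat)
    stride = width * 3 + 1  # one filter byte per row
    pixels = []
    for y in range(height):
        row = raw[y * stride:(y + 1) * stride]
        if row[0] != 0:
            raise ValueError("only filter type 0 supported")
        pixels.extend(tuple(row[1 + 3 * x:4 + 3 * x]) for x in range(width))
    return pixels, width, height


def embed(cover, payload: bytes):
    """Assumed scheme: high nibble of each byte into R's low nibble, low nibble into G's (length prefix first)."""
    if len(payload) > 0xFFFF or len(payload) + 2 > len(cover):
        raise ValueError("payload too large for cover")
    stream = struct.pack(">H", len(payload)) + payload
    out = list(cover)
    for i, b in enumerate(stream):
        r, g, bl = out[i]
        out[i] = (r - r % 16 + b // 16, g - g % 16 + b % 16, bl)  # visually negligible change
    return out


def extract(pixels) -> bytes:
    """The decoder side: iterate over pixels and rebuild each byte with arithmetic on channel values."""
    decoded = bytearray()
    for r, g, _ in pixels:
        decoded.append((r % 16) * 16 + g % 16)
    n = struct.unpack(">H", decoded[:2])[0]
    return bytes(decoded[2:2 + n])


def demo() -> bytes:
    """Round trip: cover image -> embed constructed marker -> PNG bytes -> parse -> extract."""
    width, height = 16, 8
    cover = [((x * 16) % 256, (y * 32) % 256, (x * y) % 256) for y in range(height) for x in range(width)]
    payload = b"PAYLOAD-MARKER"  # constructed stand-in for the real stage
    png = write_png(embed(cover, payload), width, height)
    pixels, _, _ = read_png(png)
    return extract(pixels)


if __name__ == "__main__":
    print(demo())
```

The practical takeaway for defenders is in `extract`: once the loader script is in hand, the arithmetic it applies is fully visible, so the hidden stage can be recovered statically from the image without ever executing the macro or the PowerShell. The same loop, pointed at the real image with the real script's arithmetic substituted, yields the payload for analysis; the image alone reveals nothing without that decoding logic.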

