Malwarebytes says the Lazarus Group used a new tactic in a recent phishing campaign targeting South Koreans. The malware embedded in the images drops two payloads, and the actual attack takes place after the second has been downloaded. The attack was initiated with a series of phishing emails that contained a malicious Microsoft Word document named “Application Form,” which purported to be a form submitted by someone to host a fair in a South Korean city. If the attack is successful, the hacker gains the ability to receive and execute commands and shellcode.”]
Source: https://www.bankinfosecurity.com/lazarus-group-hid-remote-access-trojans-in-bitmap-images-a-16438