A spear-phishing attack by a North Korean threat actor has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT). Researchers attribute the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary. Malwarebytes said the campaign started by distributing emails laced with a malicious document that it identified on April 13. The document purports to be a participation application form for a fair in a South Korean city and prompts users to enable macros.
Source: https://thehackernews.com/2021/04/lazarus-apt-hackers-are-now-using-bmp.html

