Malwarebytes acquired a document that it says the Lazarus Group used in an attack against a South Korean target as part of a larger campaign. The malware embedded in the images drops two payloads, and the actual attack takes place after the second has been downloaded. If the attack is successful, the hacker gains the ability to receive and execute commands and shellcode and perform data exfiltration to a command-and-control server, the researchers say. The attack was initiated with a series of phishing emails that contained a malicious Microsoft Word document named “Application Form””]
Source: https://www.cuinfosecurity.com/lazarus-group-hid-remote-access-trojans-in-bitmap-images-a-16438