The OceanLotus advanced persistent threat (APT) group (also known as Cobalt Kitty) is using a steganography-based loader to drop backdoors on compromised systems. The Steganography algorithm used by APT32 seems to be specifically developed for this purpose and it is designed to conceal the encrypted malware payload within PNG images to minimize as much as possible the possibility of detection by malware discovery tools. The Cylance report published by the report says the group continues to invest heavily in developing bespoke tooling.
Source: https://www.bleepingcomputer.com/news/security/oceanlotus-apt-uses-steganography-to-load-backdoors/