The OceanLotus APT is using two new loaders that rely on steganography to hide their encrypted payloads. After a victim clicks on a malicious file sent via a phishing email, a loader executes a next-stage encrypted payload. Once decoded, decrypted, and executed, the payload deploys the APT's backdoor. Steganography has been used in several campaigns over the past year, including in images uploaded to trusted Google sites and even in memes on Twitter.
Source: https://threatpost.com/oceanlotus-apt-uses-steganography-to-shroud-payloads/143373/

