Remote access trojan ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they re redirected to malicious URLs where the payloads are hidden with steganography. Researchers warn that this new tactic has been seen helping operators to avoid detection during the malware s targeting of various organizations in South Asia where the goal is to ultimately sends victims an email with malicious Microsoft Office documents.
Source: https://threatpost.com/website-images-obliquerat-malware/164395/