Brazilian “Caminho” Loader Turns Images into Malware Delivery Chain

A new, sophisticated loader named “Caminho” employs LSB steganography to hide malicious payloads inside images, offering advanced evasion techniques. Its multi-regional operations span South America, Africa, and Eastern Europe, using modular infrastructure and legitimate hosting services. #Caminho #Steganography

Keypoints

  • Caminho uses LSB steganography to conceal malware within image files like JPGs and PNGs.
  • The loader executes filelessly by extracting payloads directly into memory, avoiding disk writes.
  • Initial delivery is via spear-phishing emails with malicious scripts that fetch steganographic images.
  • The operation employs modular architecture, downloading different malware payloads such as REMCOS RAT and XWorm.
  • Legitimate services and bulletproof hosting domains are exploited for staging and command and control, complicating detection.
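As an added defensive example (not code from the article or from the Caminho analysis), the classic Westfeld-Pfitzmann "pairs of values" chi-square test gives a defender a quick triage statistic for LSB embedding of the kind described above. It assumes the image has already been decoded to 8-bit samples; the palette, sample counts and threshold are constructed here for illustration.

```python
import random
from collections import Counter


def pov_chi_square(samples):
    """Pairs-of-values chi-square over 8-bit samples.

    Overwriting LSBs with a roughly uniform payload bitstream drives the counts
    of each value pair (2k, 2k+1) toward equality, so the chi-square distance
    between the observed counts and that equalised expectation collapses.
    Returns (chi_square, degrees_of_freedom); both cells of every pair are summed,
    so under full embedding chi_square / degrees_of_freedom is about 1.
    """
    hist = Counter(samples)
    chi, dof = 0.0, 0
    for k in range(128):
        even, odd = hist.get(2 * k, 0), hist.get(2 * k + 1, 0)
        expected = (even + odd) / 2
        if expected > 0:
            chi += 2 * (even - expected) ** 2 / expected
            dof += 1
    return chi, dof


def looks_lsb_embedded(samples, threshold=3.0):
    """Flag when chi-square per degree of freedom is close to 1; an untouched
    image with a jagged histogram scores far higher. The threshold is a
    constructed triage heuristic, not proof of embedding."""
    chi, dof = pov_chi_square(samples)
    return dof > 0 and chi / dof < threshold


# Constructed sample data (not from the article): a flat-colour graphic with a
# 16-entry palette, the kind of jagged histogram seen in logos and screenshots.
rng = random.Random(7)
PALETTE = [17 * i for i in range(16)]          # 0, 17, 34, ... 255
clean = [rng.choice(PALETTE) for _ in range(20000)]

# Simulate full-capacity LSB replacement with a random bitstream on the same image.
stego = [(v & 0xFE) | rng.getrandbits(1) for v in clean]

if __name__ == "__main__":
    for name, img in (("clean", clean), ("stego", stego)):
        chi, dof = pov_chi_square(img)
        print(f"{name}: chi2/dof = {chi / dof:.2f}, flagged = {looks_lsb_embedded(img)}")
```

The statistic is only reliable for sequential, near-full embedding; sparse or scattered embedding needs structural detectors such as RS or sample-pair analysis.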

Read More: https://thecyberexpress.com/caminho-loader-malware-delivery-chain/