Caminho Loader-as-a-Service Uses Steganography for Malware Delivery

Cyber Security News by CyberSum.net
Cybersecurity researchers have identified a new threat called Caminho, a Loader-as-a-Service (LaaS) that hides .NET payloads within images using Least Significant Bit (LSB) steganography. Active since March 2025, this operation targets businesses across multiple regions. The attack begins with spear-phishing emails containing JavaScript or VBScript files, which fetch obfuscated PowerShell code to extract the malicious payload from images hosted on trusted sites. The loader injects the final malware into benign processes and sets up persistence through scheduled tasks. This fileless approach, combined with anti-analysis tricks, makes Caminho difficult to detect.
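
For triage of a suspect image, the sketch below (an added example, not code from the researchers or from Caminho itself) pulls the least significant bit of every colour sample and looks for a PE header, since a .NET payload is a PE file. The bit-packing order, byte alignment of the hidden data, and all function names are assumptions, because the summary does not describe the encoding; pixel samples are expected as raw bytes already decoded by an image library.

```python
import struct
from typing import Optional

def lsb_stream(samples: bytes, msb_first: bool = True) -> bytes:
    """Pack the lowest bit of each colour sample into bytes, 8 samples per byte."""
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for j, s in enumerate(samples[i:i + 8]):
            byte |= (s & 1) << (7 - j if msb_first else j)
        out.append(byte)
    return bytes(out)

def find_pe(data: bytes) -> int:
    """Offset of 'MZ' whose e_lfanew field points at 'PE\\0\\0', or -1."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1

def triage(samples: bytes) -> Optional[dict]:
    """Try both bit-packing orders (the real order is an assumption)."""
    for msb_first in (True, False):
        off = find_pe(lsb_stream(samples, msb_first))
        if off != -1:
            return {"msb_first": msb_first, "offset": off}
    return None

def constructed_sample(msb_first: bool = True) -> bytes:
    """Constructed fixture: header-only PE stub (no code) in a synthetic buffer."""
    stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"
    hidden = b"\x00\x01\x02" + stub          # 3 filler bytes before the stub
    cover = bytearray((i * 37) % 256 for i in range(800))
    for n, byte in enumerate(hidden):
        for j in range(8):
            bit = (byte >> (7 - j if msb_first else j)) & 1
            cover[n * 8 + j] = (cover[n * 8 + j] & 0xFE) | bit
    return bytes(cover)

if __name__ == "__main__":
    clean = bytes((i * 37) % 256 for i in range(800))   # constructed clean buffer
    print("clean buffer:", triage(clean))
    print("stego buffer:", triage(constructed_sample()))
```

A hit is only a lead for further analysis: a payload that is encrypted, compressed, or spread across selected channels will not show a plain PE header in the LSB stream.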