ObliqueRAT, a Remote Access Trojan that was first discovered in early 2020, has received an update that now disguises the payload in image files on compromised websites, according to an article published on ZDNet. The RAT has been updated to include many new features, the most notable being the use of steganographic payloads to embed zip files in images. These malicious images are downloaded by ObliqueRAT’s maldoc stager, and the zip file is extracted by the maldoc macros. While there are no solid attributions, ObliqueRAT has been connected to campaigns distributing CrimsonRAT and also possibly RevengeRAT.