- December 2016: Stegano exploit kit spreads by hiding in pixels of malicious ads. (ESET)
- May 2017: In March, Stegano began using a Microsoft information disclosure vulnerability, CVE-2017-0022, to determine if certain antivirus was running on the affected Machine. In April, it was updated again with an anti-replay feature designed to abuse the Diffie-Hellman key exchange, preventing security researchers from obtaining Stegano's secret key used to encrypt and decrypt its payloads. (Trend Micro)
- June 2017: AdGholas group is using the Stegano EK in a malvertising campaign to infect users with the Mole ransomware, a variant of CryptFile2. (Proofpoint)
- ESET provides technical details on the Stegano exploit kit, here.