https://www.bleepingcomputer.com/news/security/github-based-malware-calculates-cobalt-strike-payload-from-imgur-pic/

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub.

This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.