News

Mac users affected by ‘Shlayer Trojan’ dropped via a Steganography-based Ad Payload; Confiant and Malwarebytes report

Recently, Confiant and Malwarebytes analyzed a steganography-based ad payload used by a “malvertiser” the two firms dubbed “VeryMal” to infect Macs. According to the firms, the malicious ad was viewed on as many as 5 million Macs.

This campaign was active from 11 to 13 January 2019. Confiant detected and blocked 191,970 impressions across its publisher customers, and said that only US visitors were targeted.

According to Confiant, Mac users who saw the ad were shown a notice that Adobe Flash Player needed to be updated and were prompted to open a file that their browser then attempted to download. When the download was accepted and run, it infected the user’s Mac with the Shlayer trojan.

The image itself could be viewed without harm despite containing the payload. It becomes harmful only when code is run against the file to extract the payload, after which the browser is redirected to a link included in it.
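As an added illustration, not code from the article, Confiant or Malwarebytes, the Python below shows why an image can carry a payload yet display and scan as harmless, and one statistical check (the chi-square LSB test) a defender can run on a suspect creative. It assumes a simple least-significant-bit scheme on a constructed 16x16 grayscale carrier with a made-up URL payload; the article does not specify VeryMal’s actual encoding.

```python
# Added, constructed example: not code from the article, Confiant or Malwarebytes.
# Grayscale pixel lists stand in for an image file; the LSB scheme, the 16x16
# carrier and the URL-like payload are assumptions chosen for illustration.

def make_cover(size=16):
    """Constructed smooth gradient; every value is a multiple of 8, so the
    (2k, 2k+1) value pairs are as unbalanced as in a flat image region."""
    return [(x + y) * 8 for y in range(size) for x in range(size)]

def embed_lsb(pixels, payload):
    """Hide a 16-bit length prefix plus payload in the pixels' least significant bits."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in carrier")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit  # each pixel moves by at most 1: visually identical
    return out

def extract_lsb(pixels):
    """What the script running on the image does: read the LSBs back into bytes."""
    bits = [p & 1 for p in pixels]
    def read(off, n):
        return int("".join(map(str, bits[off:off + n])), 2)
    length = read(0, 16)
    return bytes(read(16 + 8 * i, 8) for i in range(length))

def chi_square_lsb(pixels):
    """Defender-side check: chi-square over value pairs (2k, 2k+1). A payload of
    mixed bits equalises each pair's counts, so a near-full LSB embedding scores
    far lower than the untouched cover. Here the payload fills the carrier exactly."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    stat = 0.0
    for k in range(0, 256, 2):
        n = counts[k] + counts[k + 1]
        if n:
            e = n / 2
            stat += (counts[k] - e) ** 2 / e + (counts[k + 1] - e) ** 2 / e
    return stat

def demo():
    cover = make_cover()
    payload = b"https://example.invalid/update"  # constructed redirect target, 30 bytes
    stego = embed_lsb(cover, payload)
    return {"recovered": extract_lsb(stego),
            "max_pixel_delta": max(abs(a - b) for a, b in zip(cover, stego)),
            "url_in_raw_bytes": payload in bytes(stego),  # why a string scan misses it
            "chi_cover": chi_square_lsb(cover), "chi_stego": chi_square_lsb(stego)}
```

The recovered payload matches while the raw pixel bytes never contain the URL and no pixel differs by more than 1, which is why a signature scan of the image finds nothing; the chi-square statistic collapses from 256 on the cover to a few dozen on the stego image.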

Eliya Stein, Security Engineering and Research at Confiant, writes, “As malvertizing detection continues to mature, sophisticated attackers are starting to learn that obvious methods of obfuscation are no longer getting the job done. Techniques like steganography are useful for smuggling payloads without relying on hex encoded strings or bulky lookup tables.”

The same malicious actor, VeryMal, had carried out a similar attack at the end of December 2018:

  • 437,819 impressions detected and blocked by Confiant across two December campaigns.
  • US targeting split between Mac OS and iOS.

The January attack, however, used a method that was difficult to detect.

Malware “is not only limited to advertising-based attacks, with reports in September noting even some apps in the Mac App Store were performing malicious actions, such as extracting user’s data”, according to an Apple Insider report.

To know more about how Confiant and Malwarebytes carried out this analysis, visit Eliya Stein’s blog post on Medium.

Savia Lobo

A Data science fanatic. Loves to be updated with the tech happenings around the globe. Loves singing and composing songs. Believes in putting the art in smart.
