Security analysts find hidden malware payload attacks in graphic files, begin to study new technique

You’re not going to love this, but a group of security researchers has apparently discovered that a new way of attacking macOS with malware is in use.

The researchers noted that malicious online advertising was found to have used steganography to disguise its payload within an ad’s image files, in order to fool security systems.

Analyzed by Confiant and Malwarebytes, a campaign to infect Macs, running from January 11 until January 13, was carried out by a “malvertizer” dubbed “VeryMal” by the firms. It is believed that the malicious ad was viewed on as many as 5 million Macs during the brief period it was active.

The ad that was studied displayed a notice stating that Adobe Flash Player required an update, and urged users to open a file that would be downloaded in their browser, writes Confiant. Those who accepted the download and ran the malware ended up infecting their Mac with the Shlayer trojan.

The attempt was notable in that it hid the attack payload within the visible advertisement itself. When analyzed, the graphic file was found to carry hidden code, embedded using steganography, to deliver its content.

The code, when executed, would create a Canvas object, grab an image file from a specific URL, and define a function that checks whether a specific font family is supported by the browser. If the check for Apple fonts failed, nothing would happen; on success, the loader would loop over the underlying pixel data of the image file, turning each pixel value into an alphanumeric character. The resulting string was then executed.
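As an added illustration of the analyst-side counterpart to the decoding step described above (this is not VeryMal’s loader or Confiant’s tooling), the following reads one colour channel of canvas-style RGBA pixel data as character codes and flags a channel whose decoded bytes read as text rather than image noise. The 8x8 carrier, the marker string, the choice of the blue channel and the 0-byte terminator are constructed assumptions for the sample.

```javascript
// Added example (not VeryMal's loader or Confiant's tooling): an analyst-side
// check over canvas-style RGBA pixel data, the layout of ImageData.data.
const CHANNELS = { r: 0, g: 1, b: 2, a: 3 };

// Read one channel as character codes, stopping at the first 0 byte
// (an assumed terminator), as the article describes the loader doing.
function decodeChannel(data, channel) {
  let out = "";
  for (let i = channel; i < data.length; i += 4) {
    if (data[i] === 0) break;
    out += String.fromCharCode(data[i]);
  }
  return out;
}

// Fraction of printable ASCII (plus newline). Real pixel values rarely stay
// inside 0x20-0x7E for a long run; decoded script text almost always does.
function printableRatio(s) {
  if (s.length === 0) return 0;
  let n = 0;
  for (const ch of s) {
    const c = ch.charCodeAt(0);
    if ((c >= 0x20 && c <= 0x7e) || c === 0x0a) n++;
  }
  return n / s.length;
}

// First channel that decodes to mostly printable text of at least minLen
// characters, as {channel, text}; null when the image looks clean.
function findHiddenText(data, minLen = 16, threshold = 0.95) {
  for (const [name, idx] of Object.entries(CHANNELS)) {
    const text = decodeChannel(data, idx);
    if (text.length >= minLen && printableRatio(text) >= threshold) {
      return { channel: name, text };
    }
  }
  return null;
}
// Constructed 8x8 RGBA carrier filled with deterministic pseudo-noise; when a
// marker string is given it is written into the blue channel, 0-terminated.
const SAMPLE_MARKER = "constructed sample payload, not real malware";
function sampleImage(hidden = null) {
  const data = new Uint8ClampedArray(8 * 8 * 4);
  for (let i = 0; i < data.length; i++) data[i] = (i * 37 + 11) % 256;
  if (hidden !== null) {
    for (let k = 0; k < hidden.length; k++) data[k * 4 + 2] = hidden.charCodeAt(k);
    data[hidden.length * 4 + 2] = 0;
  }
  return data;
}
```

Calling `findHiddenText(sampleImage())` returns null, while `findHiddenText(sampleImage(SAMPLE_MARKER))` reports the blue channel with the marker text; the same scan can be pointed at a real ad creative by drawing it to a canvas and passing `getImageData(...).data`.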

“As malvertizing detection continues to mature, sophisticated attackers are starting to learn that obvious methods of obfuscation are no longer getting the job done,” writes Eliya Stein of Confiant. Noting that common JavaScript obfuscators result in a “very particular type of gibberish” that is easy to spot, Stein adds, “Techniques like steganography are useful for smuggling payloads without relying on hex encoded strings or bulky lookup tables.”

While macOS is considered easier to protect against malware than operating systems like Windows, it’s still possible for malware to slip through. As such, Mac users should continue to be careful online, and should scrutinize notices about updates to determine whether they are genuine.

Stay tuned for additional details as they become available.

Via AppleInsider and Confiant