New Mac Malware Uses Steganography to Sneak Into Computers
Most malware that pops up online targets Windows, but Apple’s platform is not immune. There’s a particularly sneaky new piece of malicious code floating around the web that hides in plain sight to attack macOS. The so-called VeryMal payload makes its way into computers by way of ad image files impregnated with a steganography-based payload.
For the unaware, steganography is the process of integrating text or data into an image file. Running the operation in reverse, it’s possible to extract that data from the image. That data could be anything — there’s nothing inherently harmful about steganographic images or image files in general. When you add malicious code and tools to extract and execute it, that’s when things get problematic.
VeryMal popped up between January 11th and 13th in advertising networks used by some of the top web publishers. The payload is malicious JavaScript code, but it evades filters by hiding inside an image. The image in question is a small white bar (sscc.jpg) that looks completely innocuous to the naked eye. When the ad loads, a small piece of seemingly harmless JavaScript comes along with it. That module reads through the image’s pixels (via an HTML5 canvas) to recreate the hidden malicious code and execute it.
This is Mac-specific malware, so the initial JavaScript code checks to see if Apple font families are on the machine. If not, it assumes the ad is being shown on a PC and doesn’t proceed further. If it does see Apple fonts, the extraction process continues. The result of executing code is a fairly typical redirect attack that tries to trick the user into downloading a fake Adobe Flash update. While Flash updates might not be the best trojan horse anymore, Mac users will be less familiar with this type of attack. Security firm Confiant estimates the cost impact for the January attack has been over $1.2 million.
If the user installs the malware package, they end up with a malvertising bot that runs in the background. It clicks on ads to generate revenue for those behind the scam. As with most malware, the best defense against VeryMal is a little common sense. You might also want to use an ad blocker, something Google might make much harder in the future.
Continue reading
Malware Masquerading as Android 2FA App Infected 10,000 Phones Before Removal
Known simply as 2FA Authenticator, the app picked up more than 10,000 installs until security researchers identified it as a vehicle for trojan-dropper malware.
Clever Malware Masquerades as Windows 11 Installer
A Russian website disguised as an official Microsoft page is distributing an "upgrade installer" that won't get you Windows 11. What it will get you is a bunch of malware.
Researchers Devise Malware That Runs When an iPhone is Powered Off
The iPhone's low-power mode allows users to access Express cards and locate lost devices even when the phone is turned off—but it also presents a concerning security vulnerability.
Google Warns of Sophisticated Malware Distributed With The Help of ISPs
According to Google's Threat Analysis Group (TAG), this spyware was developed by an Italian company called RCS Labs. The firm claims to be on the right side of the law, but that doesn't change the fact its software is being used to breach user privacy.