New Mac Malware Uses Steganography to Sneak Into Computers

New Mac Malware Uses Steganography to Sneak Into Computers

Most malware that pops up online targets Windows, but Apple’s platform is not immune. There’s a particularly sneaky new piece of malicious code floating around the web that hides in plain sight to attack macOS. The so-called VeryMal payload makes its way into computers by way of ad image files impregnated with a steganography-based payload.

For the unaware, steganography is the process of integrating text or data into an image file. Running the operation in reverse, it’s possible to extract that data from the image. That data could be anything — there’s nothing inherently harmful about steganographic images or image files in general. When you add malicious code and tools to extract and execute it, that’s when things get problematic.

VeryMal popped up between January 11th and 13th in advertising networks used by some of the top web publishers. The payload is malicious JavaScript code, but it evades filters by hiding inside an image. The image in question is a small white bar (sscc.jpg) that looks completely innocuous to the naked eye. When the ad loads, a small piece of seemingly harmless JavaScript comes along with it. That module reads through the image’s pixels (via an HTML5 canvas) to recreate the hidden malicious code and execute it.

The malicious code is hiding inside this simple white bar.
The malicious code is hiding inside this simple white bar.

This is Mac-specific malware, so the initial JavaScript code checks to see if Apple font families are on the machine. If not, it assumes the ad is being shown on a PC and doesn’t proceed further. If it does see Apple fonts, the extraction process continues. The result of executing code is a fairly typical redirect attack that tries to trick the user into downloading a fake Adobe Flash update. While Flash updates might not be the best trojan horse anymore, Mac users will be less familiar with this type of attack. Security firm Confiant estimates the cost impact for the January attack has been over $1.2 million.

If the user installs the malware package, they end up with a malvertising bot that runs in the background. It clicks on ads to generate revenue for those behind the scam. As with most malware, the best defense against VeryMal is a little common sense. You might also want to use an ad blocker, something Google might make much harder in the future.

Continue reading

Google Will Officially Support Installing Chrome OS on Your Old Computer
Google Will Officially Support Installing Chrome OS on Your Old Computer

Google has just acquired Neverware, and its CloudReady product is becoming an official Chrome OS offering.

Europe Plans 20,000 GPU Supercomputer to Create ‘Digital Twin’ of Earth
Europe Plans 20,000 GPU Supercomputer to Create ‘Digital Twin’ of Earth

The plan to create a digital twin of Earth might end up delayed due to the relative lack of available GPUs, but this isn't going to be an overnight project.

IBM Ships Its First Quantum Computer Outside the United States
IBM Ships Its First Quantum Computer Outside the United States

IBM has shipped its first quantum computer outside the United States. A second far-flung system is expected online in July.

Hubble In Safe Mode Again After Computer Failure [UPDATE]
Hubble In Safe Mode Again After Computer Failure [UPDATE]

The Hubble Space Telescope has been expanding the bounds of human knowledge for more than thirty years. That's not bad for an orbiting installation built in the 1980s that hasn't gotten a service mission in 12 years. Still, the hardware failures are piling up.