New Mac Malware Uses Steganography to Sneak Into Computers

New Mac Malware Uses Steganography to Sneak Into Computers

Most malware that pops up online targets Windows, but Apple’s platform is not immune. There’s a particularly sneaky new piece of malicious code floating around the web that hides in plain sight to attack macOS. The so-called VeryMal payload makes its way into computers by way of ad image files impregnated with a steganography-based payload.

For the unaware, steganography is the process of integrating text or data into an image file. Running the operation in reverse, it’s possible to extract that data from the image. That data could be anything — there’s nothing inherently harmful about steganographic images or image files in general. When you add malicious code and tools to extract and execute it, that’s when things get problematic.

VeryMal popped up between January 11th and 13th in advertising networks used by some of the top web publishers. The payload is malicious JavaScript code, but it evades filters by hiding inside an image. The image in question is a small white bar (sscc.jpg) that looks completely innocuous to the naked eye. When the ad loads, a small piece of seemingly harmless JavaScript comes along with it. That module reads through the image’s pixels (via an HTML5 canvas) to recreate the hidden malicious code and execute it.

The malicious code is hiding inside this simple white bar.
The malicious code is hiding inside this simple white bar.

This is Mac-specific malware, so the initial JavaScript code checks to see if Apple font families are on the machine. If not, it assumes the ad is being shown on a PC and doesn’t proceed further. If it does see Apple fonts, the extraction process continues. The result of executing code is a fairly typical redirect attack that tries to trick the user into downloading a fake Adobe Flash update. While Flash updates might not be the best trojan horse anymore, Mac users will be less familiar with this type of attack. Security firm Confiant estimates the cost impact for the January attack has been over $1.2 million.

If the user installs the malware package, they end up with a malvertising bot that runs in the background. It clicks on ads to generate revenue for those behind the scam. As with most malware, the best defense against VeryMal is a little common sense. You might also want to use an ad blocker, something Google might make much harder in the future.

Continue reading

Someone Hacked Ray Tracing Into the SNES
Someone Hacked Ray Tracing Into the SNES

Surely, a game console from the 90s couldn't support ray tracing, right? Wrong. Game developer and engineer Ben Carter hacked ray tracing into the Super NES with a little help from an FPGA dev board.

One Developer Is Fixing SNES Game Lag After 30 Years
One Developer Is Fixing SNES Game Lag After 30 Years

One dedicated developer is releasing 'FastROM' patches to emulate Nintendo's SA1 chip in games that never had it, eliminating the annoying slowdowns that have plagued gamers for almost 30 years.

Cooler Master Shows Off Limited Edition Sneaker and Shark Chassis Designs
Cooler Master Shows Off Limited Edition Sneaker and Shark Chassis Designs

These cases might not be your cup of tea but it it's still easy to appreciate the craftsmanship that went into them.

Intel Sneakily Reveals Specs for a Mysterious Desktop GPU
Intel Sneakily Reveals Specs for a Mysterious Desktop GPU

Intel threw in a split second of info about a mystery GPU in its latest mobile GPU launch.