A single pixel could be used to compromise your PC, millions of people visiting major websites over the past months may have been infected with malicious code that was embedded in pixels of the ads banners.
The malware researchers from security firm ESET dubbed this malvertising campaign ‘Stegano,’ despite it dates back to 2014, since October threat actors started using the technique via ads displayed on many high-reputable news sites. each with millions of daily visitors.
According to the company, millions of daily visitors may have been exposed to the Stegano campaign.
The experts discovered that Stegano hides portions of its malicious code in parameters controlling the transparency of pixels used to display banner ads, but the impact of the appearance of the images is almost imperceptible.
“The malicious version of the graphic has a script encoded in its alpha channel, which defines the transparency of each pixel. Since the modification is minor, the final picture’s color tone is only slightly different to that of the clean version” reads the analysis published by the company-
The researchers discovered that the code first checks for the presence of a virtualized environment,sandboxing mechanisms, or security software, then redirects the victim’s browser to a site that hosts three exploits for Adobe Flash vulnerabilities. The script targets users who visited the news sites with Internet Explorer browsers, it leverages on the CVE-2016-0162 exploitation.
“We can say that even some of the other major exploit kits, like Angler and Neutrino, are outclassed by the Stegano kit in terms of referrals—the websites onto which they managed to get the malicious banners installed,” contines the analysis. “We have observed major domains, including news websites visited by millions of people every day, acting as ‘referrers’ hosting these advertisements. Upon hitting the advertising slot, the browser will display an ordinary-looking banner to the observer. There is, however, a lot more to it than advertising.”
The exploit is used by crooks to a malicious code belonging to the families of malware known as Ursnif family (banking trojan and data stealer) and the popular Ramnit malware.
The infections were concentrated in Canada, the UK, Australia, Spain, and Italy because its users used to visit the websites affected by the malvertising campaign.
In order to avoid being victims of the Stegano kit, or any other known exploit kit in the threat landscape, netizens have to use up to date software and security solutions.
[adrotate banner=”9″]
(Security Affairs – Stegano kit, malware)
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.