
Malvertising Campaign Used Steganography to Distribute Shlayer Trojan


A short-lived malvertising campaign leveraged a steganography-based payload to target Mac users with the Shlayer trojan.

Named for its use of veryield-malyst[dot]com as one of its ad-serving domains, the “VeryMal” threat actor conducted its malvertising campaign between 11 January 2019 and 13 January 2019. That’s not a long time to remain active, but the campaign boosted its visibility by affecting two top-tier exchanges that account for approximately a quarter of the top 100 publisher sites.

Anti-malware software provider Confiant believes that this technique helped the malvertising operation generate as many as five million impressions each day it was active.

Infection began when a Mac user came across an ad containing the image of a small white bar.

The image file might look unremarkable, but that wasn’t the case below the surface: VeryMal had created a Canvas object, which enabled the HTML5 Canvas API to interact with images and their underlying data.
