News - Confiant

Malvertising Campaign Used Steganography to Distribute Shlayer Trojan

Written by Security Boulevard | Jan 24, 2019 5:00:00 AM

A short-lived malvertising campaign leveraged a steganography-based payload to target Mac users with the Shlayer trojan.

Named for its use of veryield-malyst[dot]com as one of its ad-serving domains, the “VeryMal” threat actor conducted its malvertising campaign between 11 January 2019 and 13 January 2019. That’s not a long time period to remain active. But the campaign boosted its visibility by affecting two top-tier exchanges that account for approximately a quarter of the top 100 publisher sites.

Anti-malware software provider Confiant believes that this technique helped the malvertising operation generate as many as five million impressions each day it was active.

Infection began when a Mac user came across an ad containing the image of a small white bar.

This file might look unremarkable. But that wasn’t the case below the surface. That’s because VeryMal had created a Canvas object, which enabled the HTML5 Canvas API to interact with images and their underlying data.

Read Complete Article: https://securityboulevard.com/2019/01/malvertising-campaign-used-steganography-to-distribute-shlayer-trojan/