A single pixel could be used to compromise your PC, millions of people visiting major websites over the past months may have been infected with malicious code that was embedded in pixels of the ads banners.
The malware researchers from security firm ESET dubbed this malvertising campaign ‘Stegano,’ despite it dates back to 2014, since October threat actors started using the technique via ads displayed on many high-reputable news sites. each with millions of daily visitors.
According to the company, millions of daily visitors may have been exposed to the Stegano campaign.
The experts discovered that Stegano hides portions of its malicious code in parameters controlling the transparency of pixels used to display banner ads, but the impact of the appearance of the images is almost imperceptible.
“The malicious version of the graphic has a script encoded in its alpha channel, which defines the transparency of each pixel. Since the modification is minor, the final picture’s color tone is only slightly different to that of the clean version” reads the analysis published by the company-
The researchers discovered that the code first checks for the presence of a virtualized environment,sandboxing mechanisms, or security software, then redirects the victim’s browser to a site that hosts three exploits for Adobe Flash vulnerabilities. The script targets users who visited the news sites with Internet Explorer browsers, it leverages on the CVE-2016-0162 exploitation.
“We can say that even some of the other major exploit kits, like Angler and Neutrino, are outclassed by the Stegano kit in terms of referrals—the websites onto which they managed to get the malicious banners installed,” contines the analysis. “We have observed major domains, including news websites visited by millions of people every day, acting as ‘referrers’ hosting these advertisements. Upon hitting the advertising slot, the browser will display an ordinary-looking banner to the observer. There is, however, a lot more to it than advertising.”
The infections were concentrated in Canada, the UK, Australia, Spain, and Italy because its users used to visit the websites affected by the malvertising campaign.
In order to avoid being victims of the Stegano kit, or any other known exploit kit in the threat landscape, netizens have to use up to date software and security solutions.
(Security Affairs – Stegano kit, malware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.