More malware has been found hiding in seemingly innocuous images, but this time in what security vendor Eset describes as ‘malvertising campaigns’ on popular websites.
Whereas the Imagegate malware reported last month relies on users opening files that have been automatically downloaded onto their computers, the Stegano exploit kit allows the bad guys to create images containing malicious code that is executed by vulnerable versions of Flash within Internet Explorer.
These images have been delivered by placing them in advertisements displayed by “major domains, including news websites with millions of daily visitors,” according to Eset.
The code contained in the images has the job of downloading whatever malware the criminals have selected. Eset has seen examples of banking Trojans, backdoors and spyware, but ransomware could just as easily be installed this way.
Eset has published a detailed explanation of how Stegano works.
“The Stegano exploit kit once again reinforces the necessity of keeping your operating system and application software fully patched and as up-to-date as possible,” said Eset senior research fellow Nick FitzGerald.
“Aside from only targeting systems using specific web browsers and outdated Flash versions, Stegano expends extensive effort to avoid running on typical security researcher computers, whether virtual, sandbox or a standard 'infectible' machine. This is all part of its plan to avoid initial detection and complicate ongoing monitoring and research, thereby increasing the profit for the cybercriminals behind this exploit kit.
“As Australian web visitors have been specifically targeted in recent Stegano malvertising campaigns, Australian internet users who are unsure of the automatic patching of their systems should check they have all the latest security patches installed and that their security software is properly updated and configured. Users of security solutions other than Eset’s might wish to get a second opinion from the Eset Online Scanner.”