- Threat actors conducted this malvertising campaign from January 11 to January 13, 2019.
- The malicious campaign was capable of infecting as many as 5 million Mac users a day.
A new malvertising campaign dubbed ‘VeryMal’ has been affecting a million Mac users with the Shlayer trojan. This latest campaign uses steganography to hide malicious code inside ad images to avoid detection.
The campaign is named after one of the attackers’ ad-serving domains, veryield-malyst[.]com. According to a report from security firm Confiant, threat actors conducted this malvertising campaign from January 11 to January 13, 2019. The malicious campaign was capable of infecting as many as 5 million Mac users a day.
“In fact, the steganography comes into play in order to deliver only part of the payload, and the image needs to be processed in order for that piece to be extracted and then utilized. The image alone will not harm your computer or redirect your browser,” said Eliya Stein, a researcher at Confiant.
If visitors click on the image, the Shlayer trojan is downloaded to the device without their knowledge. The Shlayer trojan masquerades as fake Flash updates in order to infect Mac users.
While the January ‘VeryMal’ campaign targeted Mac users, Confiant’s research claims that the operators of ‘VeryMal’ targeted iOS users in their previous campaigns.