Latest News and Viewpoints

Attackers using polyglot images in malvertising

Source: DEVCON


Sadly, it’s been a big week in ad fraud, as hackers and criminals continue to find new ways to rob quality news publishers of revenue and exploit innocent users.

Ad fraud detection company DEVCON (which has partnered with for our sweeping study of how ad fraud is exploiting publishers and readers of local news) discovered how attackers are using polyglot images in malvertising to deliver malicious payloads.

Coverage can be found here on Cyware, or - if you want the full technical breakdown - here on the DEVCON site by the CTO who discovered it, Josh Summit.

A polyglot image is a single file that is valid both as an image and as JavaScript, so it doesn’t need an external script to extract the payload. That sets polyglot images apart from steganography, which hides malware in an image by altering a few pixels.

“The clever trick here is that the attacker can control the size of the image and hexadecimal characters can be manipulated so they are interpreted by the computer as something else,” DEVCON researchers said. “This may indicate that more advanced groups are now moving into the ad fraud space to exploit users.”
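A defender-side check for the property the researchers describe (header fields the attacker controls), added here as an example and not taken from DEVCON's write-up. It assumes the creative is served as an uncompressed BMP, which this page does not state; `inspect_bmp`, `make_bmp`, the finding labels and the sample bytes are all constructed for illustration.

```python
import struct

def make_bmp(pixels: bytes, width: int, height: int) -> bytes:
    """Build a minimal uncompressed 24-bit BMP (constructed sample input)."""
    offset = 14 + 40  # file header + BITMAPINFOHEADER
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    head = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    return head + info + pixels

def inspect_bmp(data: bytes) -> list:
    """Return header inconsistencies worth a closer look in an ad creative."""
    if len(data) < 54 or data[:2] != b"BM":
        return ["not-bmp"]
    _, declared, res1, res2, offset = struct.unpack_from("<2sIHHI", data, 0)
    info_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    findings = []
    # The size field is just four bytes the sender chooses; decoders tend to
    # ignore it, so a mismatch renders fine but is unusual for real encoders.
    if declared != len(data):
        findings.append("size-mismatch")
    if res1 or res2:
        findings.append("reserved-nonzero")
    # For uncompressed images the pixel array length is fully determined,
    # so anything beyond it is data the image itself does not need.
    if info_size >= 40 and compression == 0 and width > 0 \
            and bpp in (1, 4, 8, 16, 24, 32):
        row = ((bpp * width + 31) // 32) * 4  # rows are padded to 4 bytes
        end = offset + row * abs(height)
        if len(data) > end:
            findings.append("trailing-data")
        elif len(data) < end:
            findings.append("truncated")
    return findings

# Constructed samples: a clean 2x2 image, then the same image with an
# arbitrary size field and inert extra bytes appended.
PIXELS = bytes([0, 0, 255, 255, 255, 255, 0, 0]) * 2
CLEAN = make_bmp(PIXELS, 2, 2)
TAMPERED = (CLEAN[:2] + struct.pack("<I", 0x11223344) + CLEAN[6:]
            + b"constructed trailing bytes")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, inspect_bmp(blob))
```

A finding is a reason to quarantine and inspect a creative, not proof of malice, since some legitimate encoders also write sloppy headers.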

While it’s good news to have researchers and good hackers going after the problem, the fact that the exploits keep getting more sophisticated shows how exposed a digital medium is when it relies so heavily on a business model, advertising, that is itself so vulnerable.

And, as Fast Company pointed out this week, we’re all enabling it.

Rusty Coats