Attackers using polyglot images in malvertising
Sadly, it’s been a big week in ad fraud, as hackers and criminals continue to find new ways to rob quality news publishers of revenues and exploit innocent users.
Ad fraud detection company DEVCON (which has partnered with AdHack.org for our sweeping study of how ad fraud is exploiting publishers and readers of local news) discovered how attackers are using polyglot images in malvertising to deliver malicious payloads.
“The clever trick here is that the attacker can control the size of the image and hexadecimal characters can be manipulated so they are interpreted by the computer as something else,” DEVCON researchers said. “This may indicate that more advanced groups are now moving into the ad fraud space to exploit users.”
While it’s good news to have researchers and good hackers going after the problem, the fact that the exploits continue to get more sophisticated shows the vulnerabilities of a digital medium so reliant on a business model, advertising, that is itself so vulnerable.
And, as Fast Company pointed out this week, we’re all enabling it.