New Malware Might Make macOS Vulnerable Via Steganography

Malware usually targets Windows users, mainly because Windows accounts for the majority of the user base around the world. But that doesn’t mean macOS users are immune to malware attacks. A new piece of malicious code that hides in plain sight specifically targets macOS. It appears to be fairly serious and easy to fall for.

The Transcript Virus

According to reports, “The so-called payload VeryMal penetrates computers through ad image files saturated with steganography-based payload.” For readers unfamiliar with the term, steganography means hiding text or data inside an image. It works both ways: the hidden data can be extracted from the image again. Steganography is a fairly common technique and is not harmful in itself. But it can be abused quite easily, mainly by embedding malicious code in images.

The payload in question is malicious JavaScript code, but it evades filters by hiding inside the image. Its appearance makes it even harder to spot: the image is a mere white strip, but it is accompanied by a JavaScript module. This module reads the image’s pixels (using the HTML5 canvas) to recreate the hidden malicious code and execute it. The malware targets Mac users specifically, so it checks for the presence of Apple font families to verify the OS. If no such font is present, the extraction process is aborted. If it detects the font families, the extraction process continues.
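The behaviour described above (a canvas pixel read, a font check and execution of the recovered text) can be looked for when reviewing ad scripts. The following is an added example, not code from the campaign or from any report: the indicator patterns, verdict names and sample snippets are assumptions constructed for illustration.

```javascript
// Static triage of ad-creative JavaScript (defensive heuristic).
// Indicator patterns are assumptions matching the behaviour described in the
// article; they are not signatures taken from the actual campaign.
const INDICATORS = {
  pixelRead: /\.getImageData\s*\(/,              // canvas pixel access
  charDecode: /String\.fromCharCode\s*\(/,       // bytes turned into text
  dynamicExec: /\beval\s*\(|\bnew\s+Function\s*\(|set(?:Timeout|Interval)\s*\(\s*['"`]/,
  fontProbe: /document\.fonts\.check\s*\(|\.measureText\s*\(/, // font detection
};

function triageScript(source) {
  // Drop comments first so commented-out code does not raise a finding.
  const code = source
    .replace(/\/\*[\s\S]*?\*\//g, ' ')
    .replace(/(^|[^:])\/\/.*$/gm, '$1');
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(code));
  const has = (k) => hits.includes(k);
  // Reading pixels is normal; reading pixels AND executing generated code is not.
  let verdict = 'clean';
  if (has('pixelRead') && has('dynamicExec')) {
    verdict = has('charDecode') || has('fontProbe') ? 'block' : 'review';
  }
  return { verdict, hits };
}

// Constructed sample inputs (hypothetical snippets, not real ad code).
const SAMPLES = {
  imageFilter: `
    // brightness filter; never calls eval(
    const px = ctx.getImageData(0, 0, w, h);
    for (let i = 0; i < px.data.length; i += 4) px.data[i] += 10;
    ctx.putImageData(px, 0, 0);`,
  pixelLoader: `
    var px = ctx.getImageData(0, 0, img.width, img.height).data;
    /* decode loop elided */ var s = String.fromCharCode(px[0]);
    if (document.fonts.check('12px ExampleAppleFont')) { eval(s); }`,
  pixelEvalOnly: `
    var d = ctx.getImageData(0, 0, 1, 1).data; new Function(decode(d))();`,
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const r = triageScript(src);
  console.log(name, r.verdict, r.hits.join(','));
}
```

A pattern match like this is only a first-pass filter: obfuscated scripts can avoid these literal strings, so a "clean" verdict does not replace sandboxed review of the creative.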

Once the code is executed, it shows the user that a Flash update is downloading. This might seem like a pretty dumb trick to most of us. But macOS users are not well acquainted with such tricks, so they might easily fall prey to it. Installing the software then starts a malvertising bot in the background. The bot clicks on ads to generate revenue for the people behind all this.

Avoiding the malware is pretty easy. Users need to pay attention to what they download from the internet. Moreover, ad blockers will definitely make it more difficult for the malware to reach the user, so a good ad blocker might help as well.