27 February 19, 14:25
(This post was last modified: 27 February 19, 14:25 by silversurfer.)
Quote:A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward.
The malicious code is hidden in a BMP type of picture and it is heavily obfuscated. One property of polyglot images is that browsers can run only the code inside them and ignore the rest of the content.
Basically, the interpreter in the browser ignores the image data and runs the payload string.
Researchers at Devcon discovered this trick used in the wild, disguised as a normal BMP file. One of the images altered to serve the attacker's interests can easily pass as a harmless advertisement:
SOURCE: https://www.bleepingcomputer.com/news/se...ot-images/