New malvertising campaign attacks Apple device users

A well-known hacker group is behind this malicious campaign

Network security and ethical hacking specialists from the International Institute of Cyber Security warn about a new malvertising campaign against Apple device users. According to cybersecurity expert Eliya Stein, the group behind this campaign, called VeryMal, has run several campaigns since the middle of last year, trying to redirect Apple users to the veryield-malyst domain.

The specialist estimates that nearly 5 million users could have been exposed during the latest malicious campaign, in which the attackers used steganography so that security systems could not detect their payloads.

“The more sophisticated the detection of malvertising becomes, the hackers also develop better methods to evade security systems and achieve the goals of their malicious campaigns”, Stein mentions. “Techniques such as steganography are useful for delivering payloads without relying on encoded chains or voluminous search tables”.

In this case, the campaign is designed to deliver a Trojan known as Shlayer, an adware installer that uses “an unusual installation process” to try to bypass detection, reports the network security expert.

The VeryMal group's campaigns concentrate most of their activity in a few days; this one remained active only between January 11th and 13th, and focused mainly on infecting iOS and macOS users in the United States. According to the network security expert, the malicious actors use steganography to hide the JavaScript malware inside a multimedia file, a picture for example, a practice that has become very popular recently.
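For teams that vet ad creatives, the sketch below is an added example (not code from the article or from Stein's research) of a static heuristic for script that could recover code from an image. It assumes, which the article does not state, that such a loader must read raw image data, convert numbers to text, and execute that text; the function names and sample fragments are constructed for illustration.

```javascript
// Added example: static heuristic for ad-creative JavaScript (not from the article).
// Assumption: a loader that recovers script text from an image passes through
// three stages, each visible as an API call in the creative's source.
const STAGES = {
  // 1. read raw image data instead of only displaying the picture
  pixelRead: [/\.getImageData\s*\(/, /responseType\s*=\s*['"]arraybuffer['"]/],
  // 2. turn numeric values into text
  bytesToText: [/String\.fromCharCode\b/, /new\s+TextDecoder\s*\(/],
  // 3. run text as code
  dynamicExec: [/\beval\s*\(/, /\bnew\s+Function\s*\(/, /\bset(?:Timeout|Interval)\s*\(\s*['"`]/],
};

// Returns a verdict plus the patterns that matched, so an analyst can see why.
function scoreCreative(source) {
  const hits = {};
  let stages = 0;
  for (const [stage, patterns] of Object.entries(STAGES)) {
    hits[stage] = patterns.filter((p) => p.test(source)).map((p) => p.source);
    if (hits[stage].length > 0) stages += 1;
  }
  let verdict = 'pass';
  if (stages === 3) verdict = 'block';            // full read -> decode -> execute chain
  else if (stages === 2 && hits.pixelRead.length > 0) verdict = 'review';
  return { verdict, stages, hits };
}

// Constructed sample creatives (fragments only), named by what they contain.
const SAMPLES = {
  plainBanner: "document.getElementById('slot').src = 'banner.png';",
  thumbnailer: "var px = ctx.getImageData(0, 0, w, h); ctx.putImageData(px, 0, 0);",
  pixelsPlusEval: "var px = ctx.getImageData(0, 0, w, h).data; eval(cfg);",
  allThreeStages: "var px = ctx.getImageData(0, 0, w, h).data;" +
    " var s = String.fromCharCode.apply(null, vals); eval(s);",
};

function scanAll(samples) {
  const out = {};
  for (const [name, src] of Object.entries(samples)) out[name] = scoreCreative(src).verdict;
  return out;
}

console.log(scanAll(SAMPLES));
```

Pixel access alone is common in legitimate image code, which is why a single stage passes; string matching is also easy to defeat with obfuscation, so a check like this complements runtime monitoring of the creative rather than replacing it.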

The marketing industry could be affected just like Apple; according to calculations of the impact of this incident, the malvertising campaign generated losses of about $1.2M USD for each day it was kept active, derived from interrupted user sessions and blocking of future announcements.

Advertisers may even be accused of advertising fraud and found directly responsible for damage to infected devices.