Malvertising—the combination of malware and advertising—is nothing new. Cyber criminals have long taken advantage of legitimate web advertising agencies to sneak evil code into the ads of some very popular websites. However, a new malvertising campaign called Stenago takes stealthy malicious ads to a new level. By hiding its evil script in the transparency data of an image, and by avoiding infecting security researcher’s machines, Stenago has been successfully spreading malware for months, if not years. Watch the video below for more details, and check out the blog post in the Reference section for the entire story.
Episode Runtime: 3:15
Direct YouTube Link: https://www.youtube.com/watch?v=4mWquR7dLi0
EPISODE REFERENCES:
- Millions infected by malvertising hiding in a banner image – Ars Technica
- Researcher’s blog post detailing the Stenago malvertising campaign – Eset
- Another research group calls this campaign AdGholas – Malwarebytes
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply