Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
#1
Exclamation 
Quote:A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward.

The malicious code is hidden in a BMP type of picture and it is heavily obfuscated. One property of polyglot images is that browsers can run only the code inside them and ignore the rest of the content.

Basically, the interpreter in the browser ignores the image data and runs the payload string.

Researchers at Devcon discovered this trick used in the wild, disguised as a normal BMP file. One of the images altered to serve the attacker's interests can easily pass as a harmless advertisement:

[Image: Polyglot_image-Exploited.png]

SOURCE: https://www.bleepingcomputer.com/news/se...ot-images/
[-] The following 2 users say Thank You to silversurfer for this post:
  â€˘ darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread:
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Kali Linux 2026.2 Released With 9 New To...
Offensive Security...harlan4096 — 08:28
INTEL Arc Graphics 32.0.101.8860 driver
INTEL Arc Graphics...harlan4096 — 08:19
Thunderbird 152.0.1 & Thunderbird 140.12...
Thunderbird 152.0....harlan4096 — 07:59
ESET 19.2.7.0
Changes in 19.2.7....harlan4096 — 07:45
Mozilla Firefox Browser 152.0.4
Mozilla Firefox Br...harlan4096 — 07:44

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>