Stegoware-3PC marks new high in adware sophistication
A new steganography campaign targeting iOS devices exploits demand-side adtech providers and adtech vendors to serve malware to millions of consumers.

The Media Trust Digital Security and Operations team has
detected that at least five publishers, three demand-side vendors, and 11 other
adtech vendors have been used to spread the malware Stegoware-3PC residing in
PNG files on devices using iOS 12. The PNG files are embedded in fake ads
supposedly representing well-known online retailers, but when clicked, redirect
the victim to a phishing scam site.

“The ads prompt visitors to shop and, in so doing, enter
their personal information. The malware exfiltrates the information and sends
it to a malicious command and control server,” wrote Mike
Bittner, associate director of digital security and operations at The Media
Trust.

The Digital Security and Operations team has supplied the
affected adtech firms with the information needed to identify the source of the
malware so it could be removed.

Bittner noted the introduction of Stegoware-3PC marked a
technological jump in this type of malware’s sophistication, using only 149
lines of code compared to almost 2,000 used by ShapeShifter-3PC.

“Stegoware-3PC’s parsimonious use of code belies its
sophisticated techniques and procedures: it triggers two PNG files that conceal
malicious code, makes use of multiple malicious domains once the users are
redirected, and conducts various checks to make sure it is executing in an iOS
device and not an Android device, a sandbox, or virtual machine,” he said.