New attack method: toxic photos
The security researchers at ESET have detected an extra ordinary new attack method where attackers are using ads containing ‘toxic pixels’ to install malware on victims’ computers.
ESET researchers have detected a new breach of abuse that is transmitted through advertisements on various reputable news sites.
Stegano Exploit Kit is the set of malicious software that is mainly used by cyber criminals, where attackers place harmful softwares into the pixels used in the ads. Ads containing ‘toxic pixels’ are being used to remotely install malware on victims’ computers.
Moreover, the victim does not even need to click on the content of the ad that the virus hides. Just visit a website with this type of banner. If Internet Explorer is used and an incompatible version of Flash Player is running on the computer, the machine is automatically caught with this vulnerability.
It opens the door
According to information provided by Robert Lipovsky from ESET Security Researchers, “From now on, attackers gain the ability to download and run malicious software they want. Some of the harm we are analyzing include banking trojans, backdoors and spyware, but the victims may also face a malicious ransom attack. ”
Where’s the poisoned pixel?
“Stegano” is Steganography, a technique that attackers use to hide a portion of malicious code in the pixels of advertisements. In particular, they hide the parameters that control the transparency of each pixel. This makes only minor changes in the color of the picture, makes changes invisible to the naked eye, and does not perceive the potential victim.
Do not ignore the updates
Regular system patching, up-to-date applications and a reliable internet security solution are the most powerful measures to help prevent such attacks.