By Ionut Ilascu
The malicious code is hidden in a BMP type of picture and it is heavily obfuscated. One property of polyglot images is that browsers can run only the code inside them and ignore the rest of the content.
Basically, the interpreter in the browser ignores the image data and runs the payload string.
Researchers at Devcon discovered this trick used in the wild, disguised as a normal BMP file. One of the images altered to serve the attacker's interests can easily pass as a harmless advertisement…
READ MORE >>