Cyware: Attackers are using polyglot images in malvertising attacks to hide their malicious payloads

  • Researchers from DEVCON have observed a group of malvertisers using polyglot images to hide malicious ad payloads.

  • Polyglot images can be both an image and JavaScript at the same time. Also, polyglot images do not require an external script to extract the payload.

Why it matters - We are already familiar with attackers using steganography to hide malicious payloads inside images. However, polyglot images are different from steganographic images.

Worth noting

  • Steganography hides malware in an image by altering a few of its pixels, which makes it difficult to detect.

  • A polyglot image, on the other hand, is unique in that it can be an image and JavaScript at the same time.

  • Additionally, polyglot images do not require an external script to extract the payload.
