New malvertising campaign attacks Apple device users

A well-known hacker group is behind this malicious campaign

Network security and ethical hacking specialists from the International Institute of Cyber Security warn about a new malvertising campaign against Apple device users. According to cybersecurity expert Eliya Stein, the group behind this campaign, known as VeryMal, has run several campaigns since the middle of last year, attempting to redirect Apple users to the veryield-malyst domain.

The specialist estimates that nearly 5 million users may have been exposed during the latest malicious campaign, in which the attackers resorted to steganography to prevent security systems from detecting their payloads.

“The more sophisticated malvertising detection becomes, the better the methods hackers develop to evade security systems and achieve the goals of their malicious campaigns,” Stein mentions. “Techniques such as steganography are useful for delivering payloads without relying on encoded strings or bulky lookup tables.”

In this case, the campaign is designed to deliver a Trojan known as Shlayer, an adware installer that uses “an unusual installation process” to try to bypass detection, reports the network security expert.

The VeryMal group's campaigns concentrate most of their activity in a few days; this one was active only between January 11th and 13th, mainly infecting iOS and macOS users in the United States. According to the network security expert, with steganography the malicious actors hide the JavaScript malware inside a multimedia file, such as a picture, a practice that has become very popular recently.
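As an added, defender-side illustration (not code from the article or from Stein's report, which is not described at this level of detail here): a small Python scanner that walks a PNG's chunk list and reports the places where text that is not part of the picture can ride along, namely script-like strings in text chunks, non-standard chunks, broken CRCs, and bytes appended after the IEND marker, which image decoders ignore. The sample images are constructed inline; the token list is an assumption about what an ad-scanning pipeline might look for.

```python
import re
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
KNOWN_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB", b"iCCP",
                b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"hIST", b"tIME", b"sPLT",
                b"eXIf", b"acTL", b"fcTL", b"fdAT"}  # PNG spec chunks plus eXIf and APNG
# Tokens that have no business in image metadata but are typical of script loaders (assumed list).
SCRIPT_TOKENS = re.compile(rb"<script|eval\(|atob\(|String\.fromCharCode|document\.write", re.I)

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF  # PNG CRC covers the type and data fields
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def scan_png(data: bytes) -> list:
    """Walk the chunk list and report where non-image data could be riding along."""
    if not data.startswith(PNG_SIG):
        return ["missing PNG signature"]
    findings, pos = [], len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_given = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_given) != 4:
            return findings + [f"truncated chunk {ctype!r}"]
        if struct.unpack(">I", crc_given)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            findings.append(f"bad CRC on chunk {ctype!r}")  # edited or hand-appended chunk
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"non-standard chunk {ctype!r}")
        if ctype in (b"tEXt", b"iTXt") and SCRIPT_TOKENS.search(body):
            findings.append(f"script-like text in {ctype!r} chunk")
        pos += 12 + length
        if ctype == b"IEND":
            break
    trailing = data[pos:]  # decoders stop at IEND, so a viewer never shows what follows it
    if trailing:
        findings.append("%d bytes after IEND" % len(trailing)
                        + (", script-like" if SCRIPT_TOKENS.search(trailing) else ""))
    return findings

def make_png(extra_chunks: bytes = b"", trailing: bytes = b"") -> bytes:
    """Minimal 1x1 RGB PNG; a constructed sample, not an ad creative from the campaign."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB, no interlace
    idat = zlib.compress(b"\x00\x00\x00\x00")            # filter byte + one black pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + extra_chunks
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + trailing)

CLEAN_PNG = make_png()  # constructed samples: a clean image, then one with a placeholder in tEXt plus bytes after IEND
SUSPECT_PNG = make_png(extra_chunks=_chunk(b"tEXt", b"Comment\x00eval(atob('PLACEHOLDER'))"),
                       trailing=b"<script>/* constructed placeholder */</script>")
```

Running `scan_png` on each sample returns an empty list for the clean image and a list of findings for the suspect one; the same walk works on any PNG creative pulled from an ad tag.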

The marketing industry could be affected just as much as Apple: according to calculations of the incident's impact, the malvertising campaign generated losses of about $1.2M USD for each day it remained active, stemming from interrupted user sessions and the blocking of future ads.

Advertisers may even be accused of advertising fraud and held directly responsible for damage to infected devices.