A company focused on cybersecurity for the media industry
一家专注于媒体行业网络安全的公司says it has discovered that hackers are now using a technique designed to hide malicious code to commit digital ad fraud.

Officials at Devcon told The Hill on Sunday they uncovered the use of the technique --- known as a polyglot --- on Friday. They said that the use of polyglots, which are considered to be among the more technically advanced techniques available for cyber criminals, points to more hackers committing digital ad fraud.
Devcon的官员周日告诉The Hill他们在周五发现了这种技术的使用 - 被称为多种语言。他们表示,使用polyglots,被认为是网络罪犯可用的技术更先进的技术之一,指向更多的黑客犯下数字广告欺诈。

In a polyglot, users can hide malware within the code for an existing file, like an image. In a successful attack using the tool, a web browser will only load the code for what appears to be its intended purpose, allowing the malicious code to remain hidden while it carries out the attack.

For example, the hackers can manipulate the code to make it appear as if it is only an image. But when a web browser uploads the image, it is also including the malware --- a JavaScript code in this case uncovered by Devcon --- which can then carry out an attack. The use of the polyglot "suggests that a lot of mainstream hackers are now getting into the ad fraud space," Maggie Louie, the founder and CEO of Devcon, told The Hill.
例如,黑客可以操纵代码使其看起来好像只是一个图像。但是当Web浏览器上传图像时,它还包括恶意软件---在这种情况下由Devcon发现的JavaScript代码 - 然后可以执行攻击。使用多语言"表明许多主流黑客现在正在进入广告欺诈领域,"Devcon创始人兼首席执行官Maggie Louie告诉The Hill。

In the polyglot uncovered by Devcon, the researchers found that the exploit was hidden in photos in digital ads.

Some of the images found by the firm and shared with The Hill include ones for a service labeled "MyFlightSearch" offering discounted flights for spring break, and for a company labeled "JobsImpact" that said it was hiring and encouraged users to click on the ad to "learn more."
该公司发现并与The Hill共享的一些图片包括标有"MyFlightSearch"的服务,提供春假的折扣航班,以及标有"JobsImpact"的公司表示正在招聘并鼓励用户点击广告了解更多。"

After the image appears, users can then be redirected to a pop-up offering a scam like a $1,000 gift card to Walmart.

"This all happens automatically without user interaction," Josh Summitt, the chief technology officer at Devcon, told The Hill. "So the user doesn't have to click an ad or anything like that for this to happen, it will just redirect them out of the site."
"这一切都是在没有用户互动的情况下自动发生的,"Devcon的首席技术官Josh Summitt告诉The Hill。 "因此,用户无需点击广告或类似内容就可以实现此目的,只会将其重定向到网站之外。"

"Most users, it annoys them," he added. "Some users actually click on these things and give up their data."
"大多数用户都会惹恼他们,"他补充道。 "有些用户实际点击这些东西并放弃他们的数据。"

Summitt and Louie said that once the pop-up appears, other attacks can be carried out, from cryptomining to the installation of a remote access trojan, which effectively gives the hacker access to the user's device and opens the door to future cyberattacks.

This isn't the first time that malicious code has been hidden within images to commit ad fraud: In another exploit, known as steganography, pixels for an image will be replaced with code, causing the picture to look degraded.

But in a polyglot, Summitt said, the code is for both an image and the malware, which can hide the inclusion of the malicious code.

Louie said that since Devcon discovered the polyglot's use in digital ad fraud, the company's software has blocked it thousands of times on their clients' sites, which include online publishers and ad networks.

Louie and Summitt said that the widespread use of the polyglot could mean that someone has made it easily available for hackers by including it in a toolkit that they can copy and paste from.

"It is an emerging attack," Louie said. "I would say for anybody in the cyber world who is working with anybody that is in the advertising world, it's really important to be aware that this is trending. We're seeing it peak throughout our publisher network now."
"这是一种新兴的攻击,"路易说。 "对于网络世界中任何与广告界人士合作的人,我都会说,了解这是一个趋势非常重要。我们现在看到它在我们的发布商网络中达到顶峰。"