A company focused on cybersecurity for the media industry
一家专注于媒体行业网络安全的公司says it has discovered that hackers are now using a technique designed to hide malicious code to commit digital ad fraud.
Officials at Devcon told The Hill on Sunday they uncovered the use of the technique --- known as a polyglot --- on Friday. They said that the use of polyglots, which are considered to be among the more technically advanced techniques available for cyber criminals, points to more hackers committing digital ad fraud.
Devcon的官员周日告诉The Hill他们在周五发现了这种技术的使用 - 被称为多种语言。他们表示，使用polyglots，被认为是网络罪犯可用的技术更先进的技术之一，指向更多的黑客犯下数字广告欺诈。
In a polyglot, users can hide malware within the code for an existing file, like an image. In a successful attack using the tool, a web browser will only load the code for what appears to be its intended purpose, allowing the malicious code to remain hidden while it carries out the attack.
In the polyglot uncovered by Devcon, the researchers found that the exploit was hidden in photos in digital ads.
Some of the images found by the firm and shared with The Hill include ones for a service labeled "MyFlightSearch" offering discounted flights for spring break, and for a company labeled "JobsImpact" that said it was hiring and encouraged users to click on the ad to "learn more."
After the image appears, users can then be redirected to a pop-up offering a scam like a $1,000 gift card to Walmart.
"This all happens automatically without user interaction," Josh Summitt, the chief technology officer at Devcon, told The Hill. "So the user doesn't have to click an ad or anything like that for this to happen, it will just redirect them out of the site."
"这一切都是在没有用户互动的情况下自动发生的，"Devcon的首席技术官Josh Summitt告诉The Hill。 "因此，用户无需点击广告或类似内容就可以实现此目的，只会将其重定向到网站之外。"
"Most users, it annoys them," he added. "Some users actually click on these things and give up their data."
Summitt and Louie said that once the pop-up appears, other attacks can be carried out, from cryptomining to the installation of a remote access trojan, which effectively gives the hacker access to the user's device and opens the door to future cyberattacks.
This isn't the first time that malicious code has been hidden within images to commit ad fraud: In another exploit, known as steganography, pixels for an image will be replaced with code, causing the picture to look degraded.
But in a polyglot, Summitt said, the code is for both an image and the malware, which can hide the inclusion of the malicious code.
Louie said that since Devcon discovered the polyglot's use in digital ad fraud, the company's software has blocked it thousands of times on their clients' sites, which include online publishers and ad networks.
Louie and Summitt said that the widespread use of the polyglot could mean that someone has made it easily available for hackers by including it in a toolkit that they can copy and paste from.
"It is an emerging attack," Louie said. "I would say for anybody in the cyber world who is working with anybody that is in the advertising world, it's really important to be aware that this is trending. We're seeing it peak throughout our publisher network now."