Millions of systems exposed to malware as news websites are targeted

Malware, Threat

Millions of Internet readers visiting popular news websites have been targeted by malicious ads redirecting to the Stegano exploit kit. Through malicious ads, cyber criminals are able to compromise readers' computers or smartphones and gain unauthorized access.

The campaign has been active since last October; users visiting news websites are presented with a deceptive advertisement for an application calling itself “browser defense” or “broxu”.

The cyber criminals behind the campaign redirect readers to the “Stegano exploit kit”, which then compromises the visitor's system.

These advertisement banners are malicious graphics that encode scripts within individual pixels. Because they conceal malicious code in individual pixels, the ad graphics don't appear as sharp as normal graphics do. But researchers at ESET Security say the difference is not as easy to identify for “unconscious eyes”.

[Figure: clean image without malicious code, and evil image with malicious code]

“The modification is minor, the final picture’s color tone is only slightly different to that of the clean version”, says an ESET researcher.

ESET Security doesn’t name the websites affected by this campaign but said “many of these news websites are visited by millions of people every day”.
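
For a defender who holds the approved original of a creative, the slight per-pixel deviation described above can be checked mechanically. This is an added example, not code from ESET or from the original article; the function names, both thresholds and the 8x8 sample pixels are constructed assumptions, and the images are assumed to be already decoded into RGBA tuples.

```python
# Added example: triage check for a served ad creative against its approved original.
# Pixels are RGBA tuples; decoding the image files is out of scope (assumption).

def diff_profile(clean, served):
    """Return (fraction of pixels that differ, largest per-channel delta)."""
    if len(clean) != len(served) or not clean:
        raise ValueError("images must be non-empty and the same size")
    changed, max_delta = 0, 0
    for a, b in zip(clean, served):
        delta = max(abs(x - y) for x, y in zip(a, b))
        if delta:
            changed += 1
            max_delta = max(max_delta, delta)
    return changed / len(clean), max_delta


def classify(clean, served, subtle_delta=8, widespread=0.25):
    """Label the served image; both thresholds are illustrative assumptions."""
    fraction, max_delta = diff_profile(clean, served)
    if fraction == 0:
        return "identical"
    # Many pixels changed, none by enough to notice: send for manual review.
    # Lossy re-compression produces the same pattern, so this is a triage
    # signal, not a verdict.
    if max_delta <= subtle_delta and fraction >= widespread:
        return "review"
    return "different"


# Constructed 8x8 sample data (not taken from any real advertisement).
CLEAN = [(200, 30, 30, 255)] * 64
# Same banner with low-amplitude noise in one channel; the noise carries no data.
NOISY = [(r, g, b, a - (i * 7) % 4) for i, (r, g, b, a) in enumerate(CLEAN)]
# A different creative altogether.
REPLACED = [(20, 200, 20, 255)] * 64

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("noisy", NOISY), ("replaced", REPLACED)):
        print(name, diff_profile(CLEAN, img), classify(CLEAN, img))
```
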

However, Malwarebytes says, “the hacker has targeted top trusted portals like Yahoo or MSN” as well as various “top level publishers.”

How does it work?

Once a user lands on a news website to find out what’s going on around the world, the reader is presented with ads carrying malicious code. The malicious code, without any interaction, sends information about the visitor’s system to the cybercriminals’ servers.

Based on the attacker’s logic, the visitor to the news site is then served either a clean image or its malicious twin. The attacker verifies that the code is not being run in a monitored environment such as a malware analyst’s machine.

If the hacker’s server does not find any such environment, it redirects the visitor to the Stegano exploit kit landing page. The landing page then exploits Flash and Internet Explorer bugs and installs a payload on the reader’s system.

The hacker is then able to steal files from the victim’s system, or install spyware to keep watch over the victim’s system.


How to save our private data from such campaigns?

As internet users, we need to be more conscious while browsing not only news sites but all other websites, so as not to get trapped by malicious ads. Security expert Mr. M.K. Hasan said: “these kinds of campaigns evolve every few months and the only way to save our information systems is regular patching”.

He added, “We must update our applications running on phones or computers regularly; that is the way we can keep our data a bit safe”.