Ars Technica used in malware campaign with never-before-seen obfuscation

Ars Technica was recently used to serve second-stage malware in a campaign that used a never-before-seen attack chain to cleverly cover its tracks, researchers from security firm Mandiant reported Tuesday.

A benign image of a pizza was uploaded to a third-party website and was then linked with a URL pasted into the “about” page of a registered Ars user. Buried in that URL was a string of characters that appeared to be random but was actually a payload. The campaign also targeted the video-sharing site Vimeo, where a benign video was uploaded and a malicious string was included in the video description. The string was generated using a technique known as Base 64 encoding. Base 64 converts text into a printable ASCII string format to represent binary data. Devices already infected with the first-stage malware used in the campaign automatically retrieved these strings and installed the second stage.
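
The following added example (not from Mandiant's report or the original article) shows one way a defender could flag URL components that decode as valid Base 64 and have high character entropy, the property that makes such a string look random. The 24-character minimum, the 4.5-bit entropy threshold, and both sample URLs are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Runs of standard or URL-safe Base64 characters, with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{24,}={0,2}")

def shannon_entropy(text: str) -> float:
    """Bits per character; random Base64 scores well above natural-language slugs."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def try_decode(token: str):
    """Return the decoded bytes if token is valid Base64, otherwise None."""
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        return base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None

def suspicious_tokens(url: str, min_entropy: float = 4.5):
    """List (token, decoded_length) for high-entropy Base64 runs in a URL."""
    parts = urlsplit(url)
    # Check each path segment, the fragment, and each query value separately.
    fields = parts.path.split("/") + [parts.fragment]
    fields += [p.partition("=")[2] or p for p in parts.query.split("&")]
    hits = []
    for field in map(unquote, fields):
        for token in B64_RUN.findall(field):
            decoded = try_decode(token)
            if decoded and shannon_entropy(token.rstrip("=")) >= min_entropy:
                hits.append((token, len(decoded)))
    return hits

# Constructed samples: 64 pseudo-random bytes stand in for an encoded payload.
SAMPLE_TOKEN = base64.urlsafe_b64encode(hashlib.sha512(b"constructed").digest()).decode()
SAMPLE_URL = "https://img.example/pizza.jpg?ref=" + SAMPLE_TOKEN
BENIGN_URL = "https://blog.example/how-to-make-a-margherita-pizza-at-home?page=2"

if __name__ == "__main__":
    for url in (SAMPLE_URL, BENIGN_URL):
        print(url[:60], "->", suspicious_tokens(url))
```

The benign slug is long enough to match the Base 64 alphabet and even decodes, which is why the entropy check is needed to keep ordinary article URLs out of the results.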

Not usually seen

“It is a completely different and novel manner we’re seeing abuse that may be fairly laborious to detect,” Mandiant researcher Yash Gupta said in an interview. “That is one thing in malware we’ve got not usually seen. It’s fairly fascinating for us and one thing we needed to name out.”
