>Interestingly, the code checks to see if Apple fonts are present, and if so, it figures it's running on a Mac and continues on. Non-Macs stop at this point. Here are the full extraction steps, according to the report:
>* Create a Canvas object (this enables the use of the HTML5 Canvas API in order to interact with images and their underlying data.)
>* Grab the image located at: hxxp://s.ad-pixel.com/sscc.jpg
>* Define a function that checks if a specific font family is supported in the browser.
>* Check if Apple fonts are supported. If not, then do nothing.
>* If so, then loop through the underlying data in the image file. Each loop reads a pixel value and translates it into an alphanumeric character.
This is why I argue for adblocking as a security measure. Who is going to pay damages to all the people affected by this malware? Fucking no one. No one has responsibility for it, but the ad companies are directly profiting from it.
The disgusting thing here is that malware keeps being delivered by ads and yet all the media outlets carefully refrain from advising that their users install ad-blockers, because they're making their money off this malvertising.
Noah Clark
>Can confirm A virus just flew over my house
Joseph Green
what exactly is this "malicious" code its fucking javascript on the client how bad can it be?
im a code monkey and work building ads and use javascript all the time and am interested
Henry Sullivan
>im a code monkey yeah you are rofl
Austin Ross
>its fucking javascript on the client how bad can it be? most browser security vulnerabilities are in or related to the JS VM. Basically the first step and often the hardest step in any exploit of any software, browser or otherwise, is to get code execution. After that you can start thinking about exfiltrating data, escalating privileges, or whatever. Browsers that run JS just give you that by default. Yeah they try really hard to sandbox it, but a JS interpreter is very large and contains many things, and that massive amount of hard-to-debug code is going to have holes in it.
It's not impossible to exploit browsers without JS, there was an Android vuln recently where you could feed it a malformed image and gain code execution that way, exploiting a bug in the image-parsing code. But that's much, much harder to do, since that code is simpler and easier to secure than a JS interpreter, by an order of magnitude.
In what sense is it not executing code? You write instructions in a language and it makes things happen on the computer.
Hunter Bell
HOW CAN SOMETHING BE SO BASED AND REDPILLED????
Kayden Morris
based
Blake Wright
>>* If so, then loop through the underlying data in the image file. Each loop reads a pixel value and translates it into an alphanumeric character. What's the point of the image file? Why isn't the script itself just doing its malicious things directly?
Carter Phillips
lmao JS is just one giant security risk
Asher Carter
why not just use navigator.userAgent.includes('Mac')
Jason Roberts
based
Andrew Harris
OH NO NO NO NO AAAAAAAAAAAHAHAHAHAHHAAHHAAHAHA
Grayson Cruz
yikes
Austin Davis
itoddlers wiil defend this
Jonathan Roberts
keep trying, you won't win
Jayden Gomez
Fuck this was actually something I had been wanting to work on. This is insanely better than what I had so far
Carter Howard
underrated
William Hughes
One would think they're running out of itoddlers anymore lmao
Thomas Smith
Yet Apple straight shit on flash and effectively killed it. The irony is quite distilled at this point.
>posting a meme in response You're just as bad as he is, just in a different way. But that could have been your point.
Brandon Clark
What? I don't get it, wouldn't that just be a very dumb way for a javascript script to get code to run? So putting the characters to a string and executing it and then what? Wouldn't that just be the same as including the code in the script itself and skipping the whole stenography thing? Where's the part that it breaks out of the browser? Oh, nvm the stenography is just to bypass some ad company filter, but since mac users are retarded they will just install malware themselves when redirected to a guide on how to install malware... Based
Christopher Hernandez
right, if I can create a canvas element, I'm doing so with JS, right? Which means I'm executing JS. This sounds more like code obfuscation
Chase Roberts
>Oh, nvm the stenography is just to bypass some ad company filter ah, i see
Owen Collins
cartoon website you peice of shit
William Parker
normies get REKT
Carter Hughes
baste
Levi Hill
can be faked.
Wyatt Diaz
A bit more than that. The stenography is looking particularly for Mac operating systems based on the system fonts that'll be used in rendering. Sure, they'll be using it to obfuscate too, but it's also for targeting purposes. In the end the user may be the one inflicting the malware on themselves by accepting the offered update, but most people just aren't taught not to trust what their browser tells them, especially if they are on a website they think is trustworthy. This is why ad networks are such a powerful method of distributing malware. They effectively allow untrustworthy connections into a trusted domain, and most of the users don't even know, they're not even aware that it's coming from somewhere else. They take advantage of user trust.
Joshua Flores
Well I'm not sure if I agree with >They effectively allow untrustworthy connections into a trusted domain If a domain allows connections to ad networks then you can't really trust the domain, can you? But yeah, I get the idea, other people trust it.
Everyone is missing the point, the malware is being delivered by images only, with no human interaction besides loading the image. This one only targets macs but it works on almost every machine, with almost every browser. Just because you run Linux or Windows does not mean you are immune.
David Phillips
Nobody on Jow Forums knows jack shit about technology, they just know Apple bad Microsoft bad Linux good
Bentley Martinez
Reminds me of ChickHEN on the PSP. *cracks red bull* now that was an exploit.
Charles Cook
yikes
Isaac Russell
sue the asshole ad companies running these ads from shit fly by night companies. tech is full of bottom feeding weak beta losers.
Brayden Turner
A user still has do download and execute the malware, it's only a redirect to a spoofed update page or the like.
Bentley Allen
Wtf, now my imac, macbook pro, iphone, and ipad are stealing my info and calling me gay
>but most people just aren't taught not to trust what their browser tells them Macs literally can't get malware though. So there's no need to be careful.
Michael Hill
never going to run out of applelfags because there will always be retards willing to pay exorbitant amounts just to show that they can
Nathan Martin
THIS IS WHY I BLOCK ADS HIRO
I'M NOT EVEN ON A MAC, BUT I DON'T WANT YOU SHOVING JAVAWARE MALSCRIPT ONTO MY MACHINE
>B-BUT MUH AD REVENUE AND ARE YOU GONNA COMPENSATE ME IF MALWARE DESTROYS MY COMPUTER?