A new steganography campaign targeting iOS devices exploits demand-side adtech providers and adtech vendors to serve malware to millions of consumers.

The Media Trust Digital Security and Operations team has detected that at least five publishers, three demand-side vendors, and 11 other adtech vendors have been used to spread the malware Stegoware-3PC residing in PNG files on devices using iOS 12. The PNG files are embedded in fake ads supposedly representing well-known online retailers, but when clicked redirect the victim to a phishing scam site.

“The ads prompt visitors to shop and, in so doing, enter their personal information. The malware exfiltrates the information and sends it to a malicious command and control server,” wrote Mike Bittner, associate director of digital security and operations at The Media Trust.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.