Check out the following articles on the Stegano exploit kit.
http://thehackernews.com/2016/12/image-exploit-hacking.html
My take:
Hackers can go after our systems with advertisements on popular news sites we all visit. To the naked eye, these advertisements look legit, they may even look like security solutions that will protect us online. In reality, if you click on these advertisements they leverage your web browser to run scans against your machine. If the scans detect vulnerable software that can be exploited, your system is fair game.
“In the event of successful exploitation, the vulnerable victims’ systems had been left exposed to further compromise by various malicious payloads including backdoors, spyware and banking Trojans.” (welivesecurity.com)
Reading this quote makes me think of my friends and family who are non-technical. Every day they read something in the news about Cyber Security. When an ad appears on the side of a popular news page they visit, claiming to provide security, they assume this product is safe and will truly protect them. This product is doing the exact opposite; it could be potentially owning your system.
This is a good reminder to me. I need to educate those around me and help them understand basic security best practices. Selfishly, this saves me time too, because then I won’t have compromised systems to troubleshoot.
“The best way to protect yourself against any malvertising campaign is always to make sure you are running updated software and apps. Also use reputed antivirus software that can detect such threats before they infect your system.” (hacknews.com)
