September 27, 2020

Malware hides in image files and targets Mac users

Security companies Confiant and Malwarebytes recently discovered sophisticated malware that hides malicious code in images and uses fake Adobe Flash Player updates to trick users into installing it. Monitoring found that this group of images carrying malicious scripts was loaded at least five million times, but it is unclear how many Mac users were eventually infected. The attacker's ultimate goal is to induce users to install fake Adobe Flash Player updates and then load the user's machine with an ad program to earn money.

The attacker uses the image to load the malicious code, which is then decrypted, so that when the user sees the image they can be redirected to the malicious phishing website.

The phishing website claims that the user needs to update the Adobe Flash Player plugin to play the content. If the user clicks to install Adobe Flash Player, they actually download and install malware. The number of websites that still use the Adobe Flash Player plugin has been gradually shrinking, and users do not need to install additional plugins if they use Google Chrome.

So if you see any prompt saying that the Adobe Flash Player plugin needs to be updated, you should be wary. This is the most common attack routine used by many hacker groups. If you cannot tell a genuine prompt from a fake one, it is recommended not to install it.