In today’s digital age, online users have become much more demanding about the quality of the websites or applications they are using. They have come to expect an optimized user experience as a basic requirement and HTML5 has played a key role in enabling developers to improve user experience, without the security risks associated with plugins like Flash. Indeed, after the series of reported Adobe Flash vulnerabilities in recent years, browser vendors, publishers and developers have turned to HTML5, which seemed to promise greater security and more advanced features. As a result, the percentage of websites that use HTML5 has grown to 70 percent.
However, despite HTML5 being universally supported on various devices as well as web and mobile platforms, it has a security issue of its own. Over the last couple of months, The Media Trust Digital & Security Operations team discovered numerous malware incidents that call into question HTML5’s security reputation.
Hiding in plain sight
The malware uses JavaScript commands to hide within HTML5 creative to avoid detection and is designed to lure victims to enter their information in response to a pop-up ad. Their information will then be stored and used for malicious purposes.
What makes this malware unique is that it breaks into chunks, making it hard to detect, and reassembles when certain conditions are met. This malware is quickly coursing through the digital marketing and media world and is responsible for over 20 separate incidents affecting online media publishers across the globe and at least 15 ad networks.
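A defender reviewing creatives can triage for the pattern described above: string pieces being reassembled, a place where the result becomes code, and an environment check gating it. The sketch below is an added example, not code from the article or from The Media Trust; the signal lists, function names and sample creatives are assumptions made for illustration.

```javascript
// Added triage heuristic for HTML5 ad creatives. The signal lists are assumptions
// chosen for illustration; they are not taken from the article or any vendor.
const SIGNALS = {
  // Pieces being stitched back into one string.
  assembly: /\.join\s*\(|String\.fromCharCode\s*\(|\batob\s*\(|\bunescape\s*\(|(?:["'][^"'\n]*["']\s*\+\s*){3,}/g,
  // Places where a string becomes running code or markup.
  sink: /\beval\s*\(|\bFunction\s*\(|document\.write(?:ln)?\s*\(|createElement\s*\(\s*["']script["']/g,
  // Environment checks that can gate the reassembly ("certain conditions").
  gate: /navigator\.(?:userAgent|platform|language)|document\.referrer|window\.top|screen\.(?:width|height)/g,
};

// Pull the bodies of inline <script> elements out of a creative's HTML.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Count each signal; escalate only when signals co-occur, since each is common alone.
function triageCreative(html) {
  const js = inlineScripts(html).join("\n");
  const hits = {};
  for (const [name, re] of Object.entries(SIGNALS)) {
    hits[name] = (js.match(re) || []).length;
  }
  let verdict = "clean";
  if (hits.assembly > 0 && hits.sink > 0) verdict = hits.gate > 0 ? "suspicious" : "review";
  return { ...hits, verdict };
}

// Constructed sample creatives (inert; not captured from any real campaign).
const BENIGN = `<canvas id="ad"></canvas><script>
var c = document.getElementById("ad").getContext("2d");
c.fillText("Summer sale", 10, 20);
</script>`;
const CHUNKED = `<div id="ad"></div><script>
var p = ["con", "sole.", "log(", "'demo'", ")"];
if (navigator.userAgent.indexOf("Mobile") > -1 && document.referrer) {
  eval(p.join(""));
}
</script>`;

for (const [name, html] of Object.entries({ BENIGN, CHUNKED })) {
  console.log(name, triageCreative(html));
}
```

A regex pass like this only ranks creatives for manual review; it does not see scripts loaded from external URLs or pieces split across separate files.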
This attack vector is one of the latest examples of how malware developers are constantly on the lookout for new, creative ways of exploiting the open standard’s basic functionality to launch their attacks.
However, this is not the first encounter with HTML5 malware. In 2015, as the retreat from Adobe Flash began, security researchers discovered several techniques attackers could use to take advantage of HTML5 code. Those techniques involved the use of APIs, which in turn employed the same obfuscation-de-obfuscation JavaScript commands in delivering drive-by malware. The following year, the malware was used to freeze computers and secretly obtain users’ personal information, including phone numbers. This year’s incidents are different as they require no interaction with the victim and are designed with a higher level of coordination compared to earlier versions.
Indeed, the campaign reflects the hackers’ knowledge and understanding of the display advertising supply chain and their ability to recognize potential victims. The result is quicker, more successful attacks with a much wider scale of infection.
Throughout the years, no version of the HTML5 malware has been stopped by antivirus solutions. For more information, head over to the source link.
Source: CSO