Protect Yourself From Stegano Malware on Internet Explorer

Researchers have found malware called Stegano that has targeted millions of unaware Internet Explorer users through popular websites. The scariest part about this malware is that it went undetected for two years before anyone found it.

Stegano’s attacks begin as JavaScript-infected ads for a screenshot app called "Broxu" and a privacy tool called "Browser Defense". These ads are pushed into larger ad networks and later show up on major news sites visited by millions of unaware users.


When the infected ad shows up, Stegano scans, extracts and then runs code that exploits a known Internet Explorer vulnerability. Once it confirms that the environment it is running in is indeed vulnerable, Stegano loads a one-pixel iframe offscreen that redirects the user to its landing page.
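For defenders reviewing ad markup, the one-pixel offscreen iframe described above is a signal that can be checked for. The following is an added example, not code from ESET or from the malware; the sample markup, the example URLs and the thresholds (1 pixel or less, negative left/top offset) are constructed assumptions.

```python
import re
from html.parser import HTMLParser

PX = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s*(?:px)?\s*$", re.I)

def _px(value):
    """Parse '1', '1px' or '-1000px' into a float; None if absent or not a pixel length."""
    m = PX.match(value or "")
    return float(m.group(1)) if m else None

def _style(decl):
    """Split an inline style attribute into a lowercase property -> value dict."""
    pairs = (p.split(":", 1) for p in (decl or "").split(";") if ":" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class IframeAudit(HTMLParser):
    """Collects (src, reasons) for iframes that are tiny and/or positioned offscreen."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        css = _style(a.get("style"))
        # Inline CSS overrides the width/height attributes, as it does in a browser.
        w = _px(css.get("width", a.get("width")))
        h = _px(css.get("height", a.get("height")))
        reasons = []
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("tiny")
        if any((_px(css.get(side)) or 0) < 0 for side in ("left", "top")):
            reasons.append("offscreen")
        if reasons:
            self.findings.append((a.get("src"), reasons))

def audit(markup):
    parser = IframeAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample: a normal banner, a tiny offscreen frame, a tiny frame in place.
SAMPLE = """<div class="ad-slot">
  <iframe src="https://ads.example/banner" width="300" height="250"></iframe>
  <iframe src="https://landing.example/" width="1" height="1"
          style="position:absolute; left:-1000px; top:0"></iframe>
  <iframe src="https://tracker.example/px" style="width:1px;height:1px"></iframe>
</div>"""

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE):
        print(src, reasons)
```

Tiny iframes are also used by ordinary tracking tags, so a hit is a prompt for review rather than proof of infection; the combination of tiny and offscreen is the stronger signal.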

The landing page then loads a file that is capable of exploiting three different Flash vulnerabilities.

[Image: GIF with cached data]

The moment Stegano knows your machine is vulnerable, it will display a special GIF file that contains cached data. This malware-ridden image can be identified when you zoom into it, as it contains a QR-like code that isn’t particularly noticeable to the naked eye.

Finally, it performs one last security check that scans for any security software. If the scan fails to detect anything that could expose it, the malware downloads and launches the payload, leaving the infected machines with a backdoor, keylogger, screenshot maker and a video maker.


As Stegano relies on Internet Explorer and Flash to work, the simplest precaution is to avoid both. Researchers have also mentioned that the malware can be avoided by having fully patched software, that is, "a reliable, updated internet security solution".

Source: ESET