Well that's what someone told me, apologies. Still though, not good regardless. I'll go back and edit my posts. Thank you.
Hence the "malicious" in malicious code; it uses exploits in the browser etc.
A potentially large update - if you had an account on Mixtape/gitgud/any of their services, assume it's been compromised.
https://blog.sapphire.moe/sapphire-2019-data-breach/
Thanks for sharing that. I've been looking for something like this for ages.
First of all, data after the image ends is generally ignored. Second, I suspect there might be some exploitability in how some browsers parse EXIF data or some shit, but that's not really something a site should worry about. Why do we even have EXIF data if all hosts strip it? It's pointless.
It won't execute on its own, but it's a good way to distribute malware that'll be downloaded by a dropper. Most malware nowadays is executed by a dropper. The dropper is relatively simple to try and avoid detection. They're often built using JavaScript or VBS and are run through the Windows Script Host. The trick here is that image hosting sites aren't thought of as file hosting, so they have better reputations with AVs, leading to less of a chance of blacklisting.
If the dropper is detected as malicious, it doesn't burn the payload right away, assuming it's obfuscated well enough. It'll ship it off to the AV vendor, who will then have to either deobfuscate it or just run it to obtain the payloads.
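As an added example (not code from anyone in this thread), a defender-side check for the point made above that data after an image's end marker is ignored: it walks a PNG's chunk list or a JPEG's marker segments to the real end of image and reports how many bytes trail it, which is what a host or scanner can flag or strip. The sample images and the trailer are constructed inline.

```python
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_payload_end(data: bytes) -> Optional[int]:
    """Walk PNG chunks; return the offset just past IEND, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # length+type header, chunk body, CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def jpeg_payload_end(data: bytes) -> Optional[int]:
    """Walk JPEG marker segments; return the offset just past EOI (FF D9), or None."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:                               # EOI
            return pos + 2
        if marker == 0xDA:                               # SOS: scan data runs to EOI
            eoi = data.find(b"\xff\xd9", pos)            # FF D9 cannot occur inside scan data
            return eoi + 2 if eoi != -1 else None
        if marker == 0xFF or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 1 if marker == 0xFF else 2            # fill byte / TEM / RSTn: no length
            continue
        if pos + 4 > len(data):
            return None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
    return None

def trailing_bytes(data: bytes) -> Optional[int]:
    """Bytes appended after the image's true end; None if the file is not a parseable PNG/JPEG."""
    end = png_payload_end(data) if data.startswith(PNG_SIG) else jpeg_payload_end(data)
    return None if end is None else len(data) - end

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 grayscale PNG and a header-only JPEG, each clean and with a trailer.
CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) \
    + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00" + b"\xff\xd9"
TRAILER = b"constructed-appended-data"               # stands in for an appended payload
```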