VeryMal Mac malware hides data within images

“A recent malware distribution campaign dubbed ‘VeryMal’ leverages an ancient technique called steganography — the hiding of secret information in plain sight — to distribute Mac malware,” Joshua Long reports for Intego. “The VeryMal campaign was caught distributing OSX/Shlayer, which was originally discovered by Intego researchers one year ago.”

“Although the concept of steganography has been around for hundreds of years, it is not something we see in a lot of Mac malware campaigns,” Long reports. “The VeryMal campaign used some cleverly crafted JavaScript code to look for secret information stored within a seemingly innocuous JPEG image file. The hidden data tells the site where to go to find the malware.”

“Users of Intego VirusBarrier X9 (part of Intego’s Mac Premium Bundle X9 suite) were already protected from this threat before the discovery of the VeryMal campaign,” Long reports. “If you aren’t a VirusBarrier X9 user and you think you might have downloaded a fake Flash Player, you can scan your Mac with VirusBarrier Scanner (available for free on the Mac App Store) to check for any infections.”

Read more in the full article here.

MacDailyNews Take: Let’s be careful out there!


  1. Long time user of Intego security products. They are Mac only. Also use the eero plus which leverages ZScaler security technology on the home WiFi without slowing the network.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.