Most malware that pops up online targets Windows, but Apple’s platform is not immune. There’s a particularly sneaky new piece of malicious code floating around the web that hides in plain sight to attack macOS. The so-called VeryMal payload makes its way into computers by way of ad image files impregnated with a steganography-based payload.
For the unaware, steganography is the process of integrating text or data into an image file. Running the operation in reverse, it’s possible to extract that data from the image. That data could be anything — there’s nothing inherently harmful about steganographic images or image files in general. When you add malicious code and tools to extract and execute it, that’s when things get problematic.
If the user installs the malware package, they end up with a malvertising bot that runs in the background. It clicks on ads to generate revenue for those behind the scam. As with most malware, the best defense against VeryMal is a little common sense. You might also want to use an ad blocker, something Google might make much harder in the future.