A new malvertising attack uses polyglot images to hide the malicious payload. The malicious code is hidden in a BMP type of picture and it is heavily obfuscated. When loaded in the browser, it would turn into a scrambled message that makes sense once passed through a decoder also included in the image. The attacker also obfuscated the script that can descramble the exploit. The content is delivered via Cloudfront, the content delivery network from Amazon Web Services. The URL’s purpose is to “redirect the victim off of the page they were visiting”””
Source: https://www.bleepingcomputer.com/news/security/malvertising-attack-sneaks-javascript-payload-in-polyglot-images/