Security researchers at Confiant have discovered an eGobbler malvertising campaign that leverages a Chrome vulnerability to target iOS users.
Hackers exploiting unpatched #Chrome bug to target 500M #iPhone users
More: https://t.co/7NF7XSowsx #Security #Google #Bug #Vulnerability #Apple #eGobbler
— Hackread.com (@HackRead) April 17, 2019
Mike Bittner, Digital Security and Operations Manager at The Media Trust:
“While some researchers have found this malvertising campaign affecting only users of Chrome for iOS, we have seen it affect Safari users as well. This is significant because most iPhone users browse using Safari. The fraudulent reward pop-ups masquerading as ads from highly recognized retailers are taking advantage of JavaScript functions that are normally used to serve ads, exhibiting their familiarity with the digital ad supply chain’s advantageous reach. These malicious actors are becoming more complex in their malware authoring techniques. Today’s malware is increasingly polymorphic, sneaking past blockers through a combination of obfuscation, code switching, and malicious domain changes. AfterShock-3PC is a good example of this polymorphic malware and, if anything, shows why blockers alone are not a security solution, but a band-aid.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.