
eGobbler hackers used Chrome bug to deliver 500Million+ ads to iOS users

Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users

Threat actors tracked as eGobbler developed a new exploit that is allowing them to serve more than 500 million malicious ads to iOS users.

The group tracked as eGobbler is exploiting a security flaw in the Google Chrome browser to target millions of iOS users.

Experts at security firm Confiant have tracked the campaign since April 6; they estimate that more than 500 million malicious ads have already been served to iOS users.

The users are redirected to scam “You’ve won a gift card” landing pages hosted on the “.world” top-level domain, which has previously been associated with eGobbler.

[Image: eGobbler malvertising]

Google is already working on a fix to address the bug in its browser.

According to Confiant, the flaw lies in the way the Chrome browser for iOS handles pop-ups. Chrome implements ad sandboxing features that limit how the code used to insert ads into a web page can interact with other components of that page.

Under normal conditions, the ad sandboxing features should prevent a pop-up from being launched unless the user explicitly allows it, but the bug in Chrome allows attackers to bypass this protection mechanism.

“The fact that this exploit is able to bypass that need for user interaction should be impossible according to the same-origin policy as it pertains to cross-origin iframes,” reads the analysis published by Confiant.

“Furthermore, this completely circumvents the browser’s anti-redirect functionality, as the attacker no longer needs to even spawn a redirect in order to hijack the user session.

We believe that this exploit was key in magnifying the impact of this attack. Where standard sandboxing rules like the ones above would ultimately succeed in blocking certain redirections, they consistently failed to protect users from this campaign on iOS Chrome.”
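The protection the article describes is the publisher-side one: ad creatives are loaded in a cross-origin iframe whose `sandbox` attribute does not grant pop-ups or top-level navigation, so a redirect needs a user gesture. The following is an added example, not code from Confiant, Google or the Security Affairs article, showing how a publisher can audit its own ad slots for that configuration. The iframe parser, the `assessAdFrame` verdicts and the sample page are constructed for this illustration; the sandbox tokens themselves (`allow-popups`, `allow-popups-to-escape-sandbox`, `allow-top-navigation`, `allow-top-navigation-by-user-activation`, `allow-scripts`) are the standard HTML ones.

```javascript
// Added example (not the article's or Confiant's code): lint ad-slot iframes
// for the sandbox configuration that is supposed to block unsolicited pop-ups.
// Assumption: ad slots are <iframe> tags; token names follow the HTML sandbox spec.

// Sandbox tokens that re-enable the pop-up / redirect behaviour discussed above.
const POPUP_TOKENS = new Set([
  'allow-popups',
  'allow-popups-to-escape-sandbox',
  'allow-top-navigation',
  'allow-top-navigation-by-user-activation',
]);

// Minimal parser for this demonstration: finds <iframe ...> opening tags and
// returns each tag's attributes as an object (names lower-cased).
function parseIframes(html) {
  const tagRe = /<iframe\b([^>]*)>/gi;
  const attrRe = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const frames = [];
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    attrRe.lastIndex = 0;
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      // A bare attribute (e.g. `sandbox` with no value) yields the empty string,
      // which for sandbox means "all restrictions on".
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    frames.push(attrs);
  }
  return frames;
}

// Verdict for one ad iframe:
//   'unsandboxed'    - no sandbox attribute at all, the creative is unrestricted
//   'popups-allowed' - sandboxed, but a token re-grants pop-ups / top navigation
//   'ok'             - sandboxed without any pop-up or navigation grant
function assessAdFrame(attrs) {
  if (!('sandbox' in attrs)) return 'unsandboxed';
  const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
  return tokens.some((t) => POPUP_TOKENS.has(t)) ? 'popups-allowed' : 'ok';
}

// Run the check over a whole page and report one row per ad iframe.
function lintAdSlots(html) {
  return parseIframes(html).map((attrs) => ({
    src: attrs.src || '',
    verdict: assessAdFrame(attrs),
  }));
}

// Hardened slot markup: scripts may run inside the frame, but no pop-ups,
// no top-level navigation and no same-origin access are granted.
function hardenedAdFrame(src) {
  return `<iframe src="${src}" sandbox="allow-scripts" referrerpolicy="no-referrer"></iframe>`;
}

// Constructed sample page with one correct, one over-permissive and one
// unsandboxed ad slot (hostnames are placeholders).
const SAMPLE_PAGE = `
<div class="ad-slot"><iframe src="https://ads.example/slot1" sandbox="allow-scripts"></iframe></div>
<div class="ad-slot"><iframe src="https://ads.example/slot2" sandbox="allow-scripts allow-popups allow-popups-to-escape-sandbox"></iframe></div>
<div class="ad-slot"><iframe src='https://ads.example/slot3'></iframe></div>
`;

for (const row of lintAdSlots(SAMPLE_PAGE)) {
  console.log(`${row.verdict.padEnd(15)} ${row.src}`);
}
```

The check catches slots that grant pop-ups by configuration, which is the normal way a malvertising redirect gets through. It cannot catch what the article describes: a browser bug that ignores a correctly set sandbox, for which the only remedy is the vendor fix. Publishers can still use the lint to confirm that the failure is the browser's and not their own slot markup.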

Experts tracked eight individual malvertising campaigns associated with eGobbler, mostly targeting iOS users in the US, over a six-day period starting April 6. Each campaign lasted between one and two days.

“The typical entry points for eGobbler campaigns are legitimate ad servers that they infect coupled with one or more buy-side platforms.

They use cloaked intermediate CDN domains as part of their ad delivery. Quite often these domains sit behind at least a single layer of client-side fingerprinting.

In an attempt to fly under the radar, eGobbler attempts to smuggle their payloads in popular client-side JavaScript libraries such as GreenSock.”

Experts believe that eGobbler attackers are launching other campaigns targeting another unnamed platform.

Confiant decided to give the Google Chrome security team time to address the flaw before releasing more details on the exploit.

Pierluigi Paganini

(SecurityAffairs – hacking, eGobbler)