Wednesday, June 3, 06:30

Malvertising campaign uses WebKit Exploit and infects 1 billion ads

Security investigators have discovered a new malvertising campaign carried out by the hacking group eGobbler. The campaign took place between 1 August and 23 September. The hackers affected 1.16 billion advertisements in order to redirect victims to malicious payloads.

In April, Confiant researchers had discovered another campaign by the same group. The hackers took advantage of an exploit that helped them bypass the browser's built-in pop-up blocker to spread fake ads to millions of users in the US and Europe in less than a week.

Earlier eGobbler attacks focused on iOS devices. The new malvertising campaign, however, also targets Windows, Linux and macOS systems.

WebKit exploit

The researchers found that the hackers used a new exploit payload, similar to the one used to target iOS users. However, the new payload has new features that affect WebKit browsers in a different way.

"This time, iOS Chrome pop-up wasn't created as before, but we were actually redirected to WebKit browsers."

The hackers use an iframe that takes advantage of keystrokes. When a user presses a key, the key press is treated as the user navigating the web, so the sandboxing feature for the ads does not prevent redirects.

“It is worth noting that the campaign behind this payload was targeted at World Wide Web applications with text boxes and search forms to maximize the chances of these keypresses being misused,” said Confiant.
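The sandbox behaviour described above depends on a user-activity gate, so it is useful to know which frames on a page rely on that gate. The following is an added example, not code from Confiant or from this article: it classifies each iframe by its sandbox attribute, using the standard HTML sandbox keywords `allow-top-navigation` and `allow-top-navigation-by-user-activation`; the function names, sample markup and hostnames are constructed for illustration.

```javascript
// Added example: classify each <iframe> by whether its sandbox lets the
// framed content navigate the top-level page. Sample markup is constructed.
const SAMPLE_HTML = `
<iframe src="https://ads.example/slot1" sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>
<iframe src="https://ads.example/slot2" sandbox="allow-scripts"></iframe>
<iframe src="https://widgets.example/sandbox-demo"></iframe>
<iframe src='https://ads.example/slot3' sandbox="allow-scripts allow-top-navigation"></iframe>
<iframe src="https://ads.example/slot4" sandbox></iframe>`;

// Parse an attribute string; quoted values are consumed whole, so a URL that
// merely contains the word "sandbox" is not mistaken for the attribute.
function parseAttrs(s) {
  const out = {};
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(s)) !== null) {
    out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return out;
}

// value === undefined means the sandbox attribute is absent.
function classifySandbox(value) {
  if (value === undefined) return 'unsandboxed';
  const tokens = new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has('allow-top-navigation')) return 'redirect-always';
  if (tokens.has('allow-top-navigation-by-user-activation')) return 'redirect-on-user-activity';
  return 'redirect-blocked';
}

// Regex scan of iframe open tags: adequate for auditing templates,
// not a full HTML parser (a ">" inside an attribute value would cut the tag).
function auditIframes(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    findings.push({ src: attrs.src ?? '(no src)', policy: classifySandbox(attrs.sandbox) });
  }
  return findings;
}

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.policy.padEnd(26), f.src);
```

Frames reported as `redirect-on-user-activity` are the ones whose protection rests on the browser judging user activity correctly, which is the judgement the keypress technique in this campaign abused on unpatched WebKit browsers.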

Both the Chrome team and Apple were informed of the flaw in August, when the researchers discovered the malvertising campaign.

Chrome developers released a patch for WebKit on August 12. Apple, on the other hand, fixed the issue in September with iOS 13 and Safari 13.0.1.

"eGobbler's preference for desktop platforms during this campaign has to do with the WebKit exploit, as it takes advantage of keystrokes," Confiant explained.

The new campaign shows that the eGobbler team has changed the way it attacks. Previously, it focused on delivering malicious payloads to mobile devices.

In its latest attacks, eGobbler has abused various content delivery networks (CDNs) to deliver its payloads.

Confiant researchers had discovered a similar campaign in November 2018, run by the ScamClub group. The hackers had affected about 300 million iOS users, redirecting them to adult content sites and other fake sites.



Absent Mia