Surge of malicious ads target iOS and macOS users

News
By
published

1bn malicious ads served in less than two months

(Image credit: Pixabay)

By exploiting zero-day vulnerabilities in Chrome and Safari, cybercriminals were able to serve over 1bn malicious ads to users in less than a two month period.

The attackers targeted both iOS and macOS users by leveraging known zero-day vulnerabilities (which have since been patched) to inject exploit code which redirected vulnerable users to malicious sites according to the security firm Confiant.

The threat actor eGobbler exploited a zero-day vulnerability in Webkit, the browser engine used in Safari and Blink, the Webkit fork used in Chrome, to generate successful redirects. 

The vulnerability, tracked as CVE-2019-8771, existed in a JavaScript function which occurs each time a user presses down a key on their keyboard. By exploiting the vulnerability, eGobbler was able to allow ads linked in HTML tags called iframes to break out of security sandbox protections that prevent a user from being redirected without their knowledge.

Malicious ads

Researcher and engineer at Confiant, Eliya Stein explained how the vulnerability worked in a blog post, saying:

“The nature of the bug is that a cross-origin nested iframe is able to “autofocus” which bypasses the “allow-top-navigation-by-user-activation” sandbox directive on the parent frame. With the inner frame automatically focused, the keydown event becomes a user activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”

After discovering eGobbler's latest campaign, Confiant reported its findings to both Google and Apple's security teams. The vulnerability was fixed in Chrome with the release of iOS 13 and a patch for Safari arrived shortly after with the release of Safari 13.0.1.

eGobbler has launched similar campaigns in the past and earlier this year one of its campaigns served an estimated 500m malicious ads by exploiting a similar vulnerability in the iOS version of Chrome. The threat actor's latest campaign was focused on luring European users to phishing pages based on their mobile provider.

Via Ars Technica

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
Latest in News
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
Hospital
Major Oracle outage hits US Federal health record systems
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Sam Porter cradles a baby
Death Stranding 2: On the Beach trailer confirms June release date and an even more harrowing post-apocalyptic world
The Ray-Ban Meta Coperni smart glasses
The new Ray-Ban Meta smart glasses design is an expensive disappointment
More about security
How to prevent cyberattacks

NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps

Agentic AI has “profound” issues with security and privacy, Signal President says
Workers at computers in an office

Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well
See more latest
Most Popular
Workers at computers in an office
Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well
Nvidia logo on a dark background
Nvidia's GeForce graphics driver woes continue for some users, despite 572.75 hotfix's overclock and black screen promises
Garmin Fenix 8 AMOLED watch on wrist
Garmin owners were confused about 13.35 software update for Fenix 8, here's what actually happened
An AI face in profile against a digital background.
Worried about DeepSeek? Well, Google Gemini collects even more of your personal data
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Chrome icon on Android
The US government still wants Google to sell off Chrome
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
The Ray-Ban Meta Coperni smart glasses
The new Ray-Ban Meta smart glasses design is an expensive disappointment
Hospital
Major Oracle outage hits US Federal health record systems