Team Confiant

 •  1 minute read

eGobbler Malvertiser Uses WebKit Exploit to Infect Over 1 Billion Ads

Roughly 1.16 billion ad impressions have been hijacked in a malvertising campaign operated by a threat group dubbed eGobbler to redirect potential victims to malicious payloads, between August 1 and September 23.

The group was previously observed by Confiant researchers in April while using a Chrome for iOS exploit to circumvent the browser's built-in pop-up blocker to deliver fake ads to 500 million sessions of users from the U.S. and multiple European Union countries in under a week.

While eGobbler's operations were previously focused on iOS devices, this time around, they targeted Windows, Linux, and macOS desktop devices in another extensive series of malvertising attacks.

The Webkit Exploit

Confiant's researchers found that the new campaign switched to a whole new exploit payload similar to the one used to target iOS users but with a new modus operandi designed to abuse WebKit browsers in a whole new way.

Read Complete Article: