SCmagazine
High-volume eGobbler malvertising attack exploits zero-day Chrome bug
A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack.
Dubbed eGobbler by researchers at Confiant, the threat actor ran a massive operation from April 6-10 consisting of eight individual campaigns and more than 30 fake creatives. Each mini-campaign lasted around two days and had its own targeting, although most affected publishers were based in the U.S.
In a company blog post, Confiant researcher Eliya Stein said the operation was among "the top three massive malvertising campaigns that we have seen in the last 18 months."