Over the past six months, a criminal group that specializes in showing malicious ads (malvertising) has used two obscure browser bugs to bypass browser security protections, show intrusive popup ads, and redirect users to malicious sites.
The group, named eGobbler, has been active since last Thanksgiving, when security researchers spotted its first malvertising campaigns.
eGobbler typically operates in short bursts of activity that only last a few days. During these bursts, the group buys ads on legitimate services but injects malicious code inside the adverts so their exploits break out of the ad's secure iframe container and perform malicious actions inside users' browsers, untethered.
Commonly, these actions involve showing popup ads for various shady products, or redirecting the user to a malicious site hosting scams or malware-laced downloads.
Historically, the group has targeted mobile devices, where most users don't employ ad blockers, and where browsers are not as hardened against exploits as their desktop counterparts, making their campaigns many times more effective.
But in a report shared privately with ZDNet last week, Confiant, a cyber-security firm that specializes in tracking malvertising campaigns, said eGobbler found a second bug over the summer, right after Google devs patched the Chrome for iOS exploit. It's as if the group intentionally went looking for a new bug to exploit, and found it a few months later, in August.