Skip to content
Log In
Request Trial

Malvertising Attack Hijacks 1B+ Sessions With Webkit Exploit

By | Published

Researchers have discovered a new wave of attacks launched by the threat group eGobbler where victims are redirected to websites with malicious payloads. Security experts believe eGobbler was behind this year’s prolific Easter malvertising attack. This time, more than 1 billion ad impressions were hijacked using a Webkit browser engine exploit.

The eGobbler threat group was first discovered in an April session-hijacking attack launched against half a billion Apple iOS users. That campaign exploited a Chrome flaw in iOS browsers, to hijack iPhone and iPad user sessions (which has since been fixed).

This time around, eGobbler is targeting Safari browsers on iOS and macOS devices, as well as Chrome browsers on iOS devices, said Eliya Stein, a researcher with Confiant who also posted a blog outlining his findingon Monday. This latest campaign, which has garnered up to 1.16 billion impressions between Aug. 1 and Sept. 23, exploits an issue with WebKit, a browser engine used in Apple’s Safari browser, he said.

Read Complete Article:

Share this story

Subscribe to our newsletter to stay up to date on the latest trends and emerging threats.

Take Us For A Spin

Request a trial and see how it feels to have Confiant on your side.

Request Trial