Researchers have discovered a new wave of attacks launched by the threat group eGobbler where victims are redirected to websites with malicious payloads. Security experts believe eGobbler was behind this year’s prolific Easter malvertising attack. This time, more than 1 billion ad impressions were hijacked using a WebKit browser engine exploit.
The eGobbler threat group was first discovered in an April session-hijacking attack launched against half a billion Apple iOS users. That campaign exploited a Chrome flaw in iOS browsers, which has since been fixed, to hijack iPhone and iPad user sessions.
This time around, eGobbler is targeting Safari browsers on iOS and macOS devices, as well as Chrome browsers on iOS devices, said Eliya Stein, a researcher with Confiant who also published a blog post outlining his finding on Monday. This latest campaign, which garnered up to 1.16 billion impressions between Aug. 1 and Sept. 23, exploits an issue with WebKit, the browser engine used in Apple’s Safari browser, he said.