News - Confiant

Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

Written by ThreatPost | Apr 18, 2019 4:00:00 AM

About a half a billion Apple iOS users (and counting) have been hit by session-hijacking cybercriminals bent on serving up malware. They’re exploiting an unpatched flaw in the Chrome for iOS browser, to bypass sandboxing and hijack user sessions, targeting iPhone and iPad users.

The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.

Session hijacking occurs when a user is browsing a web page and is suddenly redirected to another site or landing page, or when a pop-up appears that one can’t exit out of. The pages look like ads from well-known brands; but in reality, if a user clicks on one of them, a payload is deployed.

In this case, “the campaign…is currently still active under ‘.site’ TLD landing pages,” said Eliya Stein at Confiant, in an analysis this week. “With half a billion user sessions impacted, this is among the top three massive malvertising campaigns that we have seen in the last 18 months.”

The offensive is mainly targeting U.S. users, though some European activity has been observed.

Meanwhile, at least one other research firm said that the attack is effective against Apple Safari users as well – opening up a much larger threat surface, given that most iOS users make use of Apple’s default browser for mobile web surfing.

Read Complete Article: https://threatpost.com/easter-attack-apple-ios/143901/