Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug (Apr 18, 2019)
The threat group called “eGobbler” is believed to be responsible for conducting one of “the top three massive malvertising [malicious advertising] campaigns” observed in the past 18 months, which has impacted 500 million user sessions, according to Confiant researchers. Clicking on one of these malvertisements or pop-ups begins the download of a malicious payload that is used to hijack user sessions. The campaign exploits an unpatched bug in the Google Chrome browser for iOS that can allow the actors to hijack user sessions. eGobbler’s objective is to use the session hijacking to redirect mobile web browser users to another site or to display a pop-up that cannot be exited. Researchers observed that 35% of all the advertisements “are served through sandboxed cross-origin iframes” and that the actors are primarily using the “.world” top-level domain, the latter of which could help identify this campaign. eGobbler is primarily targeting users in the US with this campaign, which began on April 6 and is composed of eight separate campaigns, with the malvertisements’ lifespan lasting 24-48 hours.
Recommendation: Users should be cautious when clicking on advertisements because, as this story portrays, advertisements can sometimes result in malicious activity. If the advertised product is appealing, it would be safer to search for the product on the authentic website of the company that is selling the product, or on other trusted online shopping locations.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.