Apple WebKit Flaw that opened up the browsers to Malvertising campaigns



The emergence of malvertising campaigns is a growing concern in online marketing, one that even heavyweights like Google are still grappling with. In a recent case, exploitation in Chrome for iOS allowed malware sites to bypass the browser's built-in pop-up blocker on iOS devices and hijack over 500 million mobile sessions to show pop-up ads.

The hacking group eGobbler was responsible for some massive malvertising campaigns in the past, and the new campaigns, which exploited vulnerabilities in WebKit-based browsers to run intrusive pop-up ads by forcefully redirecting users to malicious sites, have also been traced to the group.

Through the exploits, the hackers were able to run several ad campaigns for free, evading what would have been a very high budget to display the ad impressions on high-profile sites via legitimate ad networks.

According to security firm Confiant, the eGobbler hacking group started exploiting a new vulnerability in WebKit, the browser engine used by Apple's Safari browser on both iOS and macOS, as well as by Chrome for iOS and earlier versions of Chrome for desktop. The exploit does not require users to click anywhere on the legitimate websites they visit, nor does it spawn any pop-up ad.

The ads sponsored by eGobbler simply use the WebKit exploit to redirect visitors to websites hosting the fraudulent malware as soon as they press the "page down" or "key down" button on their keyboards while reading content on legitimate websites.

This is possible because the WebKit vulnerability resides in the handling of the JavaScript onkeydown event, which fires each time a user presses a key on the keyboard, allowing ads within iframes to break out of the security sandbox protections. The pop-up on Chrome for iOS was no longer spawning as before, but the redirection on WebKit browsers still happens on the 'onkeydown' event, according to the researchers.

Apple has fixed the WebKit flaw in the released iOS 13 and in Safari 13.0.1, but Google has yet to fix it in Chrome.
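
An added example, not from the article or from Confiant: a publisher-side audit, written for Node.js, that reports whether each ad iframe's `sandbox` attribute lets the framed document navigate the top-level page, which is the restriction a forced redirect has to get past. The markup, the `ads.example` URLs and the helper names are constructed for illustration.

```javascript
// Added example: constructed markup and hypothetical helper names.
const TOP_NAV = 'allow-top-navigation';
const TOP_NAV_GESTURE = 'allow-top-navigation-by-user-activation';

// Parse the attributes of one <iframe ...> start tag into a lowercase-keyed map.
function parseAttributes(tag) {
  const attrs = Object.create(null);
  const body = tag.replace(/^<iframe\b/i, '').replace(/\/?>$/, '');
  // Matches name="v", name='v', name=v, or a bare name such as `sandbox`.
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Decide what the sandbox policy says about navigating the top-level page.
function classifyFrame(attrs) {
  if (!('sandbox' in attrs)) return 'unsandboxed';      // no sandbox policy at all
  const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
  if (tokens.includes(TOP_NAV)) return 'top-nav-allowed';
  if (tokens.includes(TOP_NAV_GESTURE)) return 'top-nav-on-gesture';
  return 'top-nav-blocked';                             // includes bare `sandbox`
}

// Audit every iframe start tag in an HTML string. This is a simple scan, not a
// full HTML parser: attribute values containing ">" are not supported.
function auditFrames(html) {
  return (html.match(/<iframe\b[^>]*>/gi) || []).map((tag) => {
    const attrs = parseAttributes(tag);
    return { src: attrs.src ?? null, verdict: classifyFrame(attrs) };
  });
}

// Constructed sample page with five ad slots.
const SAMPLE_PAGE = `
<iframe src="https://ads.example/slot-a" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="https://ads.example/slot-b" sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>
<iframe src='https://ads.example/slot-c' SANDBOX="allow-scripts Allow-Top-Navigation"></iframe>
<iframe src=https://ads.example/slot-d></iframe>
<iframe sandbox src="https://ads.example/slot-e"></iframe>`;

for (const f of auditFrames(SAMPLE_PAGE)) {
  console.log(f.verdict.padEnd(20), f.src);
}
```

The verdicts describe the policy a patched browser enforces. Because the flaw described above let ad iframes escape these protections, the audit complements the iOS 13 and Safari 13.0.1 updates rather than replacing them.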
