eGobbler, a threat group, recently targeted iOS users in
the U.S. and various European Union countries with numerous massive
malvertising attacks over almost a week, using a Chrome for iOS
vulnerability to sidestep the browser's built-in pop-up blocker.
The threat group used "8 individual campaigns
and more than 30 fake creatives" throughout their push, with each of
the fake ad campaigns having a life span of between 24 and 48
hours.
According to the Confiant researchers who found and observed
eGobbler's iOS-targeted attacks, approximately 500 million user sessions were
exposed to this large-scale coordinated campaign pushing
fake ads.
As Confiant's specialists found, eGobbler's campaigns usually
remain active for a maximum of 48 hours, quickly followed
by brief periods of hibernation that end abruptly when the next attack
begins.
Some of them were even seen to use landing pages
hosted on .world domains, using pop-ups to hijack users' sessions and
redirect the victims to malicious pages, a technique that serves
the attackers for phishing as well as for dropping malware.
However, this campaign was not the first of its kind designed
by the eGobbler malvertising group to explicitly target iOS users: in
November 2018, Confiant observed another campaign, run by the ScamClub
group, which managed to hijack approximately 300 million iOS user
sessions and redirected them all to adult content and gift voucher scams.
Still, as Confiant said in their report, "This
really was a standout campaign compared to the others that we track based not
only on the unique payload, but the volumes as well."
They later added that "With almost half a billion user
sessions impacted, this is among the top three massive malvertising campaigns
that we have seen in the last 18 months."