EGobbler Group Distributes Over 1 Billion Malicious Banners in 2 Months

The eGobbler cybercriminal group exploits vulnerabilities in the Google Chrome browser for iOS, as well as in the desktop versions of the Chrome and Safari browsers, to distribute malicious banners, display pop-up ads, and redirect users to malicious sites.

According to experts from Confiant, between August 1 and September 23 this year, criminals distributed malicious ads about 1.16 billion times. The victims of attacks were users in the USA and Europe, mainly in Italy.

“It’s not uncommon for their campaigns to compromise up to hundreds of millions of programmatic ad impressions in a matter of hours and the impact from their ongoing activity is felt across the United States and Europe. Over the past 6 months, the threat group has leveraged obscure browser bugs in order to engineer bypasses for built-in browser mitigations against pop-ups and forced redirections,” Confiant specialists report.

In April of this year, experts recorded a large-scale malicious campaign in which the eGobbler group exploited a vulnerability in the iOS version of Chrome. The issue affected only Chrome for iOS and did not affect Safari or other versions of Chrome.

Now the criminals are using a new vulnerability affecting WebKit, a browser engine implemented in versions of Chrome and Safari. The exploit relies on the “onkeydown” event, a JavaScript function that runs every time a key is pressed. EGobbler uses it to display pop-ups when the user interacts with the site. According to the researchers, Apple fixed this problem with the release of iOS 13, while a patch for Chrome is not yet available.

EGobbler usually acts quickly, and its attacks last only a few days. In active periods, the group buys ads on legitimate services and injects malicious code into them. In this way, the malicious code can reach beyond the ad's inline frame (iframe) and perform actions in users' browsers, including displaying pop-ups that advertise various suspicious products or redirecting the user to a malicious site.

“Shockingly, we found that even when the sandbox parameters were present, a pop-up would be spawned when the user tapped on the parent page. The Chrome browser on iOS was impacted, whereas other mobile and desktop browsers successfully blocked the pop-up,” write Confiant researchers.

The eGobbler group first gained notoriety in February this year, when US residents faced a large-scale malicious advertising campaign focused mainly on collecting personal and financial information from users. Over three days, 800 million instances of malicious ads were recorded.
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
