eGobbler iOS Malvertising Campaign Impacts Half a Billion User Sessions

A series of “rampant malvertising campaigns” targeting iOS users have been detected. The campaigns targeted both North American and European publishers and, respectively, their users.

According to Confiant security researchers the malicious activities come from a known threat actor called eGobbler that earned its name due to the huge volumes of hits that their campaigns generate.

The hacker group has a tendency to “ramp up their buying around holidays and weekends”. Usually their campaigns peak in volume over a period of 36–48 hours before going into a state of hibernation until the next big push, the researchers said.

eGobbler Malvertising Campaigns In Detail

The latest wave of attacks is associated with the use of the “.world” TLD for the landing pages. The volume of attacks is divided into 8 individual campaigns and more than 30 fake creatives (landing pages). The duration of the campaign is 6 days, starting on Saturday, April 6th. Victims are located across the US and Europe.

According to the report:

The fake ad campaigns themselves had lifespans in the 24–48 hour range, which is common with eGobbler. We estimate that over 500MM user sessions have been exposed beginning Saturday, April 6th. Even though eGobbler has recently been seen on many buy-side platforms, this entire campaign ran on just one the whole time.

The eGobbler threat actor is looking to compromise legitimate ad servers as well as some buy-side platforms. The hackers utilized cloaked intermediate CDN domains for their infection chain. In their attempt to lay low, the hackers also tried to “smuggle” their payloads in well-known client-side JavaScript libraries such as GreenSock.

The 8 individual campaigns that were introduced during the big storm following April 6 were staggered, with new ones appearing approximately every two days. Each campaign had its own targeting and its own lifespan, the researchers found.

During their analysis, which included reverse engineering the payload, the researchers discovered techniques that “leveraged iOS Chrome’s detection around user activated pop-up detection, resulting in the circumvention of pop-up blocking”. What does this mean? The payload’s main session hijacking mechanism was pop-up based. In other words, it turned out that “Chrome on iOS was an outlier in that the built-in pop-up blocker failed consistently”. The researchers will provide an analysis of the payload and a proof-of-concept exploit for the vulnerability in Chrome on iOS in the near future, as the campaign is still active and the bug is unpatched.

The good news is that Chrome’s team was notified of the bug about a week ago and is currently investigating.

The overall impression of this extensive malvertising campaign is that the threat actors did their best. Compared to other such campaigns, this one was unique in both payloads and volumes. It is noteworthy that the campaign saw a strategic pivot on April 14 to another platform and continues to be active under “.site” TLD landing pages.

“With half a billion user sessions impacted, this is among the top three massive malvertising campaigns that we have seen in the last 18 months”, the researchers concluded.

Related: RoughTed Malvertising Campaign Defeats Ad-Blockers.

RoughTed is another example of a quite successful malvertising campaign, detected in 2017. RoughTed was a large-scale malvertising campaign which saw a peak in March of the same year. Both Windows and Mac operating systems were targeted, as well as iOS and Android. The operation was quite rare in its scope, having used a variety of malicious approaches, from exploit kits to online scams such as fake tech support scams, fake updates, and rogue browser extensions.

Milena Dimitrova
