A massive “malvertising” campaign is targeting iPhone users by exploiting a vulnerability in the Chrome for iOS browser.
“Malvertising,” short for malicious advertising, is essentially a technique in which a bad actor leverages legitimate web advertising to hide underlying code that can hijack a browser session and redirect users to a malicious page.
Worryingly, security researchers at Confiant have come across a large-scale malvertising campaign that squarely targets iPhone users who use Google Chrome.
According to those researchers, a malicious entity known as eGobbler has infected legitimate advertising servers to deliver their malicious ads. Since the campaign started 10 days ago, eGobbler has successfully delivered ads to roughly 500 million iOS users.
The ads are just the vehicle for the malicious code, however. The malvertising campaign also exploits a vulnerability in Chrome to bypass its built-in pop-up blocker and sandboxing mechanisms.
The pop-ups that are able to make it through can then hijack a user’s browsing session and redirect them to a malicious landing page.
As Confiant notes, eGobbler is benefiting in two ways from the malvertising.
For one, they receive standard advertising revenue from the ads. But they can also deliver malware or steal user data on the ad landing pages themselves. Presumably, more sensitive information is obtained through phishing techniques.
According to researchers, eGobbler is thought to be an organized crime group. The campaigns it carries out typically stay active for a few days before dying out, but the group often ramps up malvertising efforts close to certain holidays.
The vulnerability in Chrome currently remains unpatched, but researchers say they’ve alerted Google and the Mountain View tech giant is currently working on a fix.
It’s recommended that you update iOS and your Chrome browser as soon as a new software update is available. In the meantime, there are a few things you can do to protect yourself from the malvertising campaign.
- Use Apple’s Safari browser, which remains unaffected.
- Be careful about the sites you visit and any pop-up ads they deliver.
- If you are redirected to a suspicious landing page in a Chrome session, don’t click on anything on the site. Shut down your browser immediately.
- Similarly, it’s recommended that you stay away from any websites that deliver pop-up ads for at least 48 hours.