The holiday season is often when malware attackers strike the hardest. Users are often at their most relaxed, and advertising companies are at their most understaffed.
Security company Confiant identified a new malvertising campaign that targets users of Apple’s iOS platform. The threat actors are called eGobbler, and they make use of popups and redirects to trick hapless consumers into giving away their data.
According to Confiant:
Like other bad actors, eGobbler leverages cloaking techniques and obfuscation to make their payloads look like legitimate ads, but a closer look at the payload behind these recent attacks reveals a very special twist.
We tested the payload across over two dozen devices, both physical and virtual. The tests included variations in platform, operating system, browser, desktop, and mobile. The malicious code itself has hard-coded logic that targets iOS, so we removed that condition in order to see the results of the full execution on all of the devices that we tested. We also split test this experiment between sandboxed and non-sandboxed iframes.
Right away we were surprised to find that the payload’s main session hijacking mechanism was pop-up based, and furthermore, Chrome on iOS was an outlier in that the built-in pop-up blocker failed consistently.
Google is aware of the bug and will be addressing it on its end.