Scammers used browser bugs to serve billions of ads

Brother

According to Confiant experts, eGobbler first came to researchers' attention in the fall of 2018 and is now considered one of the most serious groups in the field of malicious advertising. The group usually becomes active for short periods around major holidays. For example, in February 2019, when the United States celebrated Presidents' Day, the hackers showed American users more than 800 million malicious advertisements that led victims to fake tech support sites and phishing resources.

During such spikes in activity, the hackers buy ad placements from legitimate services and inject malicious code into the ads so that their exploits escape the safe ad iframe and perform malicious actions in the browser. The group mainly targeted mobile devices, as most mobile users do not use ad blockers, and mobile browsers are not as well protected from exploits as their desktop counterparts.

Now, Confiant experts have released a new report, which says eGobbler is still actively exploiting browser bugs. The hackers used their first zero-day exploit in April this year. At that time, the attack affected only Chrome for iOS users, and the vulnerability, CVE-2019-5840, was eventually patched in June with the release of Chrome 75. However, eGobbler continued to exploit the bug even after the patch was released, targeting users who were unable to update Chrome. ...

The researchers write that this summer, shortly after Google developers fixed the vulnerability in Chrome for iOS, the hackers discovered another bug that was useful for their activities. The new bug affects the WebKit engine, which is used by older versions of Chrome as well as by Safari. As a result, both browsers were at risk, because the current Chrome engine (Blink) is based on WebKit and still uses parts of the old code.

The bug is exploited through the onkeydown event, whose JavaScript handler runs each time a key is pressed. eGobbler exploits the vulnerability to display pop-ups to victims when they interact with the site by pressing keys.

According to Confiant, only Apple engineers have fixed this vulnerability so far (in iOS 13, released last week). Google has yet to release a fix, which means Chrome users are still vulnerable.


Since the second vulnerability affects not only mobile versions of browsers, the group has extended its operations to desktop users. The researchers reported that between August 1 and September 23, eGobbler was distributing malicious ads at a staggering rate and was able to deliver approximately 1.16 billion impressions of dangerous ads.


The group no longer targets only US iOS users, but also attacks the desktop browsers of European users. Italians have suffered the most from such attacks so far.
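
As an added illustration of the mechanism described in this post (not code from Confiant, the original report or the poster), here is a static heuristic that a publisher-side scanner could run over ad creative markup: it flags creatives that register a keydown handler and also reference a pop-up or navigation call. The function name, patterns, verdict labels and sample creatives are assumptions constructed for this example.

```javascript
// Added example: static heuristic for ad creative markup. Patterns, verdict
// labels and samples are assumptions constructed for this illustration.
const KEY_HOOKS = [
  /\bonkeydown\s*=/i,                          // inline attribute or property assignment
  /addEventListener\s*\(\s*['"]keydown['"]/i,  // listener registration
];
const NAV_SINKS = [
  /\bwindow\.open\s*\(/i,                      // pop-up
  /\b(?:top|parent)\.location\b/i,             // navigation of an ancestor frame
  /\blocation\.(?:href|assign|replace)\b/i,    // redirect
];

// Returns which patterns matched and a verdict:
//   block  = keydown hook and a navigation sink in the same creative
//   review = keydown hook only (keyboard handling in an ad warrants a manual look)
//   pass   = no keydown hook
function auditCreative(markup) {
  const hooks = KEY_HOOKS.filter((re) => re.test(markup)).map(String);
  const sinks = NAV_SINKS.filter((re) => re.test(markup)).map(String);
  let verdict = 'pass';
  if (hooks.length > 0) verdict = sinks.length > 0 ? 'block' : 'review';
  return { verdict, hooks, sinks };
}

// Constructed sample creatives (not taken from the eGobbler campaign).
const SAMPLES = {
  benign: '<div><img src="banner.png"><script>document.title;</script></div>',
  inlineHandler: '<body onkeydown="window.open(\'https://example.invalid/\')"></body>',
  listener: '<script>document.addEventListener("keydown", function () {' +
            ' top.location = "https://example.invalid/"; });</script>',
  keysOnly: '<input onkeydown="validate(this)">',
};

for (const [name, markup] of Object.entries(SAMPLES)) {
  console.log(name, auditCreative(markup).verdict);
}
```

Pattern matching of this kind misses obfuscated or dynamically loaded code, so it complements rendering creatives in an instrumented browser and does not replace it.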
 