Massive Two-Day Malvertising Surge Targets iOS Users

Cybersecurity firm Confiant identified a malvertising campaign that has affected iOS users since August, including a massive activity spike on November 12-13. In those 48 hours, over 300 million mobile browser sessions were hijacked by malicious ads and rerouted to gift card scams and adult content sites. The two-day surge in activity can be attributed to the threat actors, dubbed ScamClub, gaining access to a popular, top-five ad exchange. Confiant stated that the campaign affected 57 percent of its customers, 99 percent of which were in the US. ScamClub carried out the attacks using only two domains, hipstarclub[.]com and luckstarclub[.]com, and attempted to collect users' personal and financial information. The domains avoided detection because they could identify when a virtual environment was loading an ad for analysis and, in that case, forgo any redirects. The ad exchange has since removed ScamClub's malicious ads, but the group continues to engage in malvertising activity. The NJCCIC highly recommends installing a reputable anti-virus/anti-malware solution and ad blocker. For more information on this campaign, review the Confiant blog post and ZDNet article.
