Malvertising Campaign Affects Over 500 Million iOS Users

Malvertising attacks have targeted iOS users, using a Chrome browser for iOS vulnerability to bypass the browser’s built-in pop-up blocker. The primary goal is session hijacking, in which the user taps the pop-up and is redirected to another website or landing page. Confiant researchers have attributed the attack to known threat actor e-Gobbler, which typically uses “.world” TLD for their landing pages. E-Gobbler also tends to increase efforts around holidays and weekends. Over 500 million iOS user sessions have been impacted thus far, making this one of the top three massive malvertising campaigns in the last 18 months. The NJCCIC recommends iOS users to utilize other web browsers and avoid using Chrome until updates are made available. Users should refrain from clicking on pop-ups and instead navigate directly to the desired site. Please see Confiant's blog for more details.