Attackers exploited a zero-day vulnerability in Chrome and Safari web browsers and served up more than 1 billion malicious ads to users between August and September, said security firm Confiant.
Malvertisements, or malicious advertisements, are particularly insidious types of attacks because they can redirect users from the sites they are on to other malicious sites or execute code on the user’s computer. The user typically doesn’t need to click on the ad itself, or engage with the ad, to become a victim.
The threat actor eGobbler racked up a “staggering volume” of impressions over a six-week period starting in August as part of their latest malvertisement campaign, Confiant said. Users were redirected to phishing pages spoofed to look like the target’s mobile provider. The attacks seem focused on stealing credentials and user information and less on executing code.
"By our estimates, we believe up to 1.16 billion impressions have been affected"
Confiant researcher and engineer Eliya Stein
Read Complete Article: https://duo.com/decipher/egobbler-malvertising-campaign-targets-safari-chrome-users