Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New Chrome exploit allows eGobbler threat group serve malvertisements on iOS devices


According to cyber-security company Confiant, which works for tracing down malvertising campaigns, one fresh exploit, a creation of eGobbler, lets the developer distribute malicious advertisements. Confiant has been watching over eGobbler's campaign from the time it was started on April 6. The security vendor computes that over 500m malvertisements have been thrust into people's devices featuring the iOS protocol. The malicious ads divert end-users onto a scam landing web-page campaigning them as winners of one gift card. The web-page is hosted on an extremely popular domain having an earlier association with eGobbler.


Malware concealed inside online ads because of the exploit forces out from the technology utilized for loading ad slots- the sandbox iframes- while diverts the victimized end-user onto another website, alternatively displays a disturbing popup on certain legitimate website. Senior Security Engineer Eliya Stein at Confiant tells that the exploit solely affects Chrome, Google's web browser, for iOS leaving all the remaining Chrome versions unaffected.


Stein explains eGobbler's exploit, which has proved so successful, necessarily so manipulates Chrome used on iOS devices that the browser lets pop-ups even when no user directly interacts. The exploit inside Chrome is where pop-up blocker, inherent in Chrome, plays. Every edition of Chrome pertaining to the iOS is affected. Since the eGobbler bug lets an end-user to be diverted via a pop-up, all of the usual sandboxing defenses, which Chrome possesses vis-à-vis diversions in the browser, particularly not letting JavaScript to play, seem doubtful, according to Stein. He says his company thinks the bug as fundamental in expanding the related attack's impact. www.zdnet.com posted this, April 16, 2019.


It is in the way wherein Google's Chrome browser active on iOS devices deals with pop-ups that the problem arises. As is normal with all Web-browsers, Chrome includes features of ad sandboxing for making sure that whenever a code is utilized for injecting ads to any web-page that code solely can conduct interactions with other elements in a limited way. The attackers could insert 30+ malvertisements onto lawful, however, earlier hijacked ad servers as well as utilized masked 3rd-party CDN domains for the delivery of their advertisements.


» SPAMfighter News - 4/23/2019

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page