According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), a cybercriminal group identified as eGobbler has been exploiting a vulnerability in Chrome for iOS to attack iPhone users with an exploit that delivers malvertising; it is estimated that about 500 million users around the world have been infected.
Malvertising is an attack method in which hackers show users harmless-looking advertising that in fact contains code redirecting victims to malicious websites, the cyber forensics course specialists commented.
Reports on the attack campaign deployed by eGobbler have concluded that these threat actors have infected legitimate advertising servers, which they have used to display ads that deploy the malicious pop-up window.
The payload used by this group of hackers has two functions: generating money from the ads displayed and redirecting the user to fraudulent websites, where they will try to extract the user's personal data or infect the user with malware. Cyber forensics course specialists consider it a well-organized and powerful cybercriminal group when it comes to deploying its malicious payloads.
As for the vulnerability being exploited, Chrome for iOS works with sandbox technology, which prevents code injected by advertising from interacting with other system components in a potentially risky way.
However, this group of hackers somehow managed to bypass the sandbox environment to deliver the malicious payload directly to iPhone users. The security teams of the companies involved need to know how this happens in order to release an update that patches the vulnerability.
“It’s a really unusual cyber attack campaign; in theory, the iOS sandbox environment should be able to block redirection to malicious sites or content; however, it has not been able to stop these attacks,” as mentioned by specialists from a cybersecurity firm.