More than 100 publisher websites, including online newspapers and magazines, have been compromised to redirect users of iPhone devices to malicious websites, various ethical hacking firms report.
If an iPhone user visits any of the affected sites, they could be redirected to a malvertising-plagued website, part of a process that culminates in the theft of user login data and browsing cookies thanks to a new malware that experts have identified as “Krampus-3PC”.
Part of the attack is to display a pop-up with purported discounts for a grocery store; if a visitor clicks on the ad, they are redirected to a phishing page where the threat actors try to collect login credentials in order to compromise the victim’s other online accounts.
In addition, ethical hacking experts claim that this malware is able to collect the phone numbers of victims, so that hackers can perform other malicious actions, such as sending phishing SMS messages and crafting cookie identifiers. “The cookie ID allows Krampus-3PC to take control of the victim’s browser and extract login credentials”, the report mentions.
There is still no indication of the identity of the hackers responsible for this malicious campaign, although its mode of operation has already been identified. To get started, hackers placed an ad for distribution through the Adtechstack provider. They then used the platform API to insert fake code; finally, the provider sold access to publisher pages without knowing about the presence of the malicious code.
Online publishers and adtech companies often use popular malware blocking tools to prevent such incidents. However, the developers of Krampus-3PC gave the malware the ability to evade conventional scanning software. The names of the compromised pages were not disclosed.
Ethical hacking specialists at the International Institute of Cyber Security (IICS) believe that the creators of this malware invested great resources in its development. In addition, they rule out the possibility that the Krampus creators are inexperienced hackers, as it is a highly sophisticated development and employs a novel and difficult-to-stop attack method.