According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), a cybercriminal group identified as eGobbler has been exploiting a vulnerability in Chrome for iOS to attack iPhone users with an exploit that delivers malvertising; it is estimated that about 500 million users around the world have been infected.
Malvertising is an attack method in which hackers show users harmless-looking advertising; in fact, these ads contain code that redirects victims to malicious web sites, commented cyber forensics
Reports on the attack campaign deployed by eGobbler have concluded that these threat actors have infected legitimate advertising servers, which they have used to display ads that will deploy the malicious pop-up
The payload used by this group of hackers has two functions: generating money with the ads displayed, and redirecting the user to fraudulent websites where they will try to extract the user's personal data or infect the device with malware. Cyber forensics course specialists consider it a well-organized and powerful cybercriminal group when it comes to deploying its malicious payloads.
As for the vulnerability being exploited, Chrome for iOS works with sandbox technology, which prevents advertising injection code from interacting with other system components in a potentially risky way.
However, this group of hackers somehow managed to bypass the sandbox environment to deliver the malicious payload directly to iPhone users. The security teams of the companies involved need to know how this happens in order to release a patch for the vulnerability.
“It’s a really unusual cyber attack campaign; in theory, the iOS sandbox environment should be able to block redirection to malicious sites or content; however, it has not been able to stop these attacks”, as mentioned by specialists from a cybersecurity