The eGobbler hacking group is running a new campaign targeting Apple users by exploiting a WebKit flaw that compromises Safari and Chrome.
The attack is big business. They BUY massive amounts of ads using legitimate ad networks.
Once they buy the ads, they use them to compromise users’ Apple devices by exploiting flaws in Apple’s WebKit software.
The goal is to force you to a particular web page or web site with no user interaction. The previous campaign bypassed Apple’s popup blocker and hijacked 500 million sessions in ONE WEEK. Below is an example web site that users were redirected to.
While Chrome fixed the bug in its browser that the last attack used, this new attack – double the size of the last attack – is exploiting a bug in WebKit, which will no doubt be patched by Apple soon. This particular attack does not require the user to click on anything and it does not generate a visible popup. If it is patched, look for these guys to move on to the next bug.
What it does is force users to web sites that display fraudulent ads or deliver malicious content.
For more details on the attack, read the article at The Hacker News.