A cybercrime group specialized in showing malicious ads has abused an unpatched zero-day vulnerability in WebKit-based browsers to break security restrictions and redirect users from legitimate portals to shady sites hosting online gift card scams known to be ScamClub discovered three years back targetting iOS users with malicious ads

Recent operation also follows this pattern.Confiant said it saw the group abuse a novel method to allow the malicious code that it typically hides in ad slots to break out of the ad slot’s iframe HTML element’s sandbox, a security system that prevents the code from interacting with the underlying website.

Using a quirk in how the Webkit browser engine handles JavaScript event listeners, the ScamClub group has been delivering malicious ads for the past months that redirected users from legitimate sites to shady domains hosting gift card scams, similar to what they’ve done in previous campaigns in previous years.

The vulnerability abused in these malvertising campaigns only worked with browsers using the open-source WebKit engine. This includes Apple’s Safari and Google Chrome for iOS.

Victims of this malvertising campaign will be hard to trace. Anyone who bought gift cards from unofficial websites using a Safari or Chrome for iOS browser can be considered a candidate. If they shared payment card details with these sites, users might need to check their payment card history for any suspicious transactions, which might suggest that the group might have abused or shared their financial details with other scam groups.

Confiant has released a list of sites where the ScamClub group hosted gift card scams as part of its recent malvertising campaign. Users can check their browser history to see if they accessed any of these sites before taking other steps to secure their payment card data.

goodluckpig.space
goodluckman.space
goodluckguy.space
goodluckdog.space
luckytub.xyz
luckyguys.xyz
luckyguys.top
hknewgood.xyz
hknewgood.top
usgoodwinday.top
usgoodwinday.xyz
2020workaffnew.top
vip.peopleluck.xyz
vip.fortunatefellow.xyz
vip.fortunateman.xyz
vip.fortunatetime.xyz
vip.fortunatepeople.xyz
vip.luckydevil.xyz
vip.superlucky.xyz
vip.luckydraw.space
vip.hipstarclub.com
workcacenter.space
trkcenter.xyz
trkingcenter.xyz
gotrkspace.xyz
trkmyclk.space
dbmtrk.xyz
trkmyclk.xyz