November 27, 2022


Thinking Security ! Always

iOS Shady Sites

A cybercrime group specialized in showing malicious ads has abused an unpatched zero-day vulnerability in WebKit-based browsers to break security restrictions and redirect users from legitimate portals to shady sites hosting online gift card scams known to be ScamClub discovered three years back targetting iOS users with malicious ads

Recent operation also follows this pattern.Confiant said it saw the group abuse a novel method to allow the malicious code that it typically hides in ad slots to break out of the ad slot’s iframe HTML element’s sandbox, a security system that prevents the code from interacting with the underlying website.

Using a quirk in how the Webkit browser engine handles JavaScript event listeners, the ScamClub group has been delivering malicious ads for the past months that redirected users from legitimate sites to shady domains hosting gift card scams, similar to what they’ve done in previous campaigns in previous years.

The vulnerability abused in these malvertising campaigns only worked with browsers using the open-source WebKit engine. This includes Apple’s Safari and Google Chrome for iOS.

Victims of this malvertising campaign will be hard to trace. Anyone who bought gift cards from unofficial websites using a Safari or Chrome for iOS browser can be considered a candidate. If they shared payment card details with these sites, users might need to check their payment card history for any suspicious transactions, which might suggest that the group might have abused or shared their financial details with other scam groups.

Confiant has released a list of sites where the ScamClub group hosted gift card scams as part of its recent malvertising campaign. Users can check their browser history to see if they accessed any of these sites before taking other steps to secure their payment card data.

%d bloggers like this: