It seems that a malvertiser known as eGobbler has been exploiting multiple browser security flaws to display invasive pop-up ads and to redirect users to malicious websites. This comes from security researchers at Confiant who said that in April they noticed eGobbler exploiting a bug in Chrome for iOS, which enabled them to bypass the built-in pop-up blocker in the OS to overwhelm users with ads. The exploit also enabled them to redirect users to malicious sites. Confiant researchers notified the Chromium team about the bug (CVE-2019-5840), which eventually got patched in June with the release of Chrome 75.
Then in August they saw the same thing again: the same actor started exploiting flaws in WebKit, the browser engine at the core of Apple’s Safari and of older Chrome versions, and in Blink, the WebKit fork used in recent versions of Chrome. Both Apple and Google were alerted to this. Apple released a patch for WebKit within three days and closed the bug in both iOS 13 and Safari 13.0.1 in September. Google, however, has yet to close the hole, which means Chrome users may still be vulnerable.
According to researchers, malvertising campaigns by eGobbler typically last for a few days. In that period, eGobbler buys advertisements on genuine services but embeds malicious code in its adverts to perform unauthorized activity in users’ browsers. These activities normally include displaying disruptive pop-up ads or redirecting users to malicious sites running scams or hosting malware, which is what makes these campaigns so dangerous.
So how do you protect yourself? If you’re on Mac and you use Safari, you need to make sure that you are running Safari 13.0.1. If you’re using Chrome, you may want to consider switching browsers until this is addressed by Google.