Core
Essential
- Joined
- 21.09.20
- Messages
- 85
- Reaction score
- 261
- Points
- 53
Over the past three months, the number of impressions of malicious ads from ScamClub has reached 16 million per day.
The fraudulent group ScamClub exploited a vulnerability (CVE-2021 - 1801 ) in the WebKit engine used in various web browsers to redirect victims to fraudulent sites. Over the past three months, the number of malicious ad impressions has reached 16 million per day.
ScamClub is known for spreading a huge amount of malicious advertising. Even if most of the ads are blocked, their volume is so large that undetected ads lead to a significant number of malicious impressions during a single campaign.
Eliya Stein, a security researcher at Confiant, discovered that attackers exploited a vulnerability in the WebKit engine that allowed them to bypass the iframe sandbox policy. According to the expert, the scammers organized a malicious campaign last summer, during which they used a new method that allows malicious code, which the group usually hides in ads, to go beyond the isolated software environment of the HTML element of the iframe-a security system that prevents the code from interacting with the underlying web site.
Using a feature of how the Webkit engine handles the JavaScript EventListener (event listening block), scammers from ScamClub have been delivering malicious ads over the past months that redirected users from legitimate sites to malicious domains allegedly offering gift cards.
The vulnerability in WebKit was fixed in December 2020. Apple included the patch in the WebKit versions included in the updates released for iOS and macOS in early February. According to the company, Apple has solved the problem with an "improved application of the iframe sandbox".
The fraudulent group ScamClub exploited a vulnerability (CVE-2021 - 1801 ) in the WebKit engine used in various web browsers to redirect victims to fraudulent sites. Over the past three months, the number of malicious ad impressions has reached 16 million per day.
ScamClub is known for spreading a huge amount of malicious advertising. Even if most of the ads are blocked, their volume is so large that undetected ads lead to a significant number of malicious impressions during a single campaign.
Eliya Stein, a security researcher at Confiant, discovered that attackers exploited a vulnerability in the WebKit engine that allowed them to bypass the iframe sandbox policy. According to the expert, the scammers organized a malicious campaign last summer, during which they used a new method that allows malicious code, which the group usually hides in ads, to go beyond the isolated software environment of the HTML element of the iframe-a security system that prevents the code from interacting with the underlying web site.
Using a feature of how the Webkit engine handles the JavaScript EventListener (event listening block), scammers from ScamClub have been delivering malicious ads over the past months that redirected users from legitimate sites to malicious domains allegedly offering gift cards.
The vulnerability in WebKit was fixed in December 2020. Apple included the patch in the WebKit versions included in the updates released for iOS and macOS in early February. According to the company, Apple has solved the problem with an "improved application of the iframe sandbox".