Contact Contact Us


A large-scale malvertising campaign prior to the Easter holiday targeted iPhone and iPad users in the US by exploiting a vulnerability in the Chrome browser for iOS to serve pop-up advertisements. The pop-ups looked like advertisements from well-known brands but contained an exploit code that bypassed sandboxing attributes to hijack user session even without user interactions. A threat group known as eGobbler gang, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends, is believed to be responsible for the operation. The Chrome team has been notified of the bug and may release an update after investigating the issue.

[1] Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability to Target iOS Users

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883