Threat actors have exploited “obscure” bugs in WebKit and Chrome browsers to serve over 1 billion malicious ads in less than two months, a new analysis has found.

The attackers targeted iOS and macOS users with zero-day vulnerabilities in Chrome and Safari browsers that bypassed built-in security protections to show potential victims aggressive pop-up ads, and redirect users to malicious sites.

Cybersecurity firm Confiant has been extensively tracking the group — dubbed “eGobbler” — a name inspired by the Thanksgiving holiday, when researchers spotted their malvertising campaigns for the first time last year.

It’s worth noting here that the open-source WebKit browser rendering engine is the basis for Safari, in addition to the browsers bundled with the Amazon Kindle ebook reader and Samsung Tizen OS.

Blink — the rendering engine that powers Google Chrome — is also a fork of WebKit. But on iOS, Chrome and other third-party browsers rely on WebKit due to restrictions imposed by Apple’s App Store Review Guidelines (Section 2.5.6).

This is far from the first time eGobbler has run amok with malicious ads. Back in April, the group exploited a Chrome for iOS bug (CVE-2019-5840) to bypass the browser’s built-in pop-up blocker and deliver fake ads to 500 million user sessions in the US and Europe in under a week.

The flaw was eventually patched after Google released a Chrome 75 update in June. But now, it appears eGobbler is going after a separate WebKit vulnerability in JavaScript to achieve successful redirects.

Confiant said the new exploit (CVE-2019-8771) — now fixed by Apple in iOS 13 and Safari 13.0.1 after the bug was privately disclosed to the company on August 7 — leveraged the “onkeydown” event, a JavaScript event that fires every time a user presses a key on the keyboard, to assail users with pop-ups whenever they interact with a site by pressing a key.

What makes the JavaScript exploit more insidious is that it also affects desktop browsers, giving eGobbler an opportunity to expand its operations beyond mobile devices.

Between August 1 and September 23, the group served a staggering 1.16 billion malware-ridden ads, with European countries like Italy and France becoming the prime targets.
