Confiant experts report that malicious ads have been abusing a zero-day vulnerability in WebKit browsers engine (CVE-2021-1801) since last year, and although the patches were released in early February, attacks are still ongoing. Due to this vulnerability, users were sent from trusted resources to fraudulent sites.According to researchers, a hack group called ScamClub, active since 2018, is behind the attacks. As previously mentioned by experts, in general the tactics of grouping are simple: usually attackers buy a large number of ad slots on multiple platforms, hoping that at least some of the malicious ads will eventually pass security checks. Even if most of the ads are blocked, the ads that hit the post will eventually be enough for a full-scale campaign.
Typically, the group targets iOS users and uses malicious ads to redirect them to fraudulent sites, where they try to steal financial information from victims. Typically, users were informed that they had won a gift card from a well-known brand.
Confiant specialists have published a list of domains where the ScamClub group hosted their fraudulent sites with fake gift cards, their addresses can be seen in the illustration below.
Let me remind you that I wrote that for iOS was discovered a new exploit, with the help of which China traced the Uyghurs.