Malvertiser exploited two browser bugs to show over one billion malicious ads
Since Thanksgiving of last year, a sophisticated cybercrime group called eGobbler has been taking advantage of two browser vulnerabilities in order to display malicious ads on legitimate websites, researchers with Confiant warn. Between August 1 and September 23 of this year, eGobbler campaigns accounted for a whopping 1.16 billion ad impressions.
The malicious ads show intrusive popups for questionable products or redirect users to websites that target visitors with scams or malware. Initially, eGobbler targeted iOS devices in the US, but its recent campaigns also targeted desktop users and focused more on users in Europe. What sets eGobbler apart from other malvertising actors is the ability of its members to find previously unknown (zero-day) flaws in browsers and to subsequently exploit them.