Quote:Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers.
The Safari bug, patched on Dec. 2 by Apple, was exploited by a malvertising campaign that redirected traffic to scam sites that flogged gift cards, prizes and malware to victims. Impacted was Apple’s Safari browser running on macOS Big Sur 11.0.1 and Google’s iOS-based Chrome browser. The common thread is Apple’s WebKit browser engine framework.
The attacks, which researchers at Confiant Security attributed to ScamClub, exploited a flaw in the open-source WebKit engine, according to a blog post published Tuesday by Eliya Stein, senior security engineer who found the bug on June 22, 2020.
He reports that the malicious campaign exploited a privilege-escalation vulnerability, tracked as CVE-2021–1801. Stein did not report how many, if any, people may have been impacted by the campaign or what type of malicious activity the threat actors may have engaged in post-exploit. Typically, a privilege-escalation attack’s primary goal is to obtain unauthorized access to a targeted system.
ScamClub is a well-established cybergang that for the past three years has hijacked hundreds-of-millions of browser sessions with malvertising campaigns that redirect users to adult and gift card scams.
Until today, the group is best known for a massive 2018 campaign where it redirected 300 million users to shady phishing sites, serving up adult content and gift card scams.
Read more: https://threatpost.com/safari-browser-sc...ed/164023/
![[-]](https://www.geeks.fyi/images/collapse.png)
