Malvertisers exploited browser zero-day to redirect users to scams
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.
During the group's campaigns over the past three months, the number of malicious ad impressions served in a single day spiked as high as 16 million.
ScamClub malvertisers are notorious for their noisy tactics, which consist of flooding the ad ecosystem with malicious ads in the hope that a small percentage gets through.
Describing ScamClub's "bombardment strategy," ad security and quality controls company Confiant says that an improvement of just 1% in the redirect rate can translate into "tens of thousands of impacted impressions" during a single campaign.
To put this into perspective, Confiant attributes to the ScamClub group more than 50 million malicious impressions over the past 90 days, with peaks in impacted ads that reached 16 million in a day.
Confiant released indicators of compromise in its GitHub repository; they include the hosting of the payloads in Amazon cloud and the domains used in the recent ScamClub campaigns.