Malvertisers exploited browser zero-day to redirect users to scams


The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.

During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.

ScamClub malvertisers are notorious for their noisy tactics that consist of flooding the ad ecosystem with malicious ads hoping that a smaller percentage goes through.

Read more…