U.S. iOS users targeted by massive malvertising campaign

“A cyber-criminal group known as ScamClub has hijacked over 300 million browser sessions over 48 hours to redirect users to adult and gift card scams, a cyber-security firm has revealed today,” Catalin Cimpanu reports for ZDNet. “The traffic hijacking has taken place via a tactic known as malvertising, which consists of placing malicious code inside online ads.”

“In this particular case, the code used by the ScamClub group hijacked a user’s browsing session from a legitimate site, where the ad was showing, and redirected victims through a long chain of temporary websites, a redirection chain that eventually ended up on a website pushing an adult-themed site or a gift card scam,” Cimpanu reports. “‘On November 12 we’ve seen a huge spike in our telemetry,’ Jerome Dang, Confiant co-founder and CTO, told ZDNet in an email.”

“Dangu says his company worked to investigate the huge malvertising spike and discovered ScamClub activity going back to August this year. ‘The difference is the volume,’ Dango told us. ‘One of the reasons for the November 12 spike is that they were able to access a very large ad exchange. Previously they only had access to lower reputation ad networks which limited their visibility on premium websites,'” Cimpanu reports. “The Confiant CTO says the malvertising campaign abated on Tuesday, November 13, as the high-profile ad exchange removed the malicious ads. But ScamClub has continued to operate. ‘We’ve continued to see activity, to the scale of 300k hits per day, so the attacker is still active but back to its usual lower visibility ad networks,’ Dangu told ZDNet.”

Read more in the full article here.

MacDailyNews Take: From the huge number of sessions it sounds like theses criminals infiltrated Google’s and/or Facebook’s ad network(s) for a day or so before being detected and pulled. There aren’t that many “very large ad exchanges” left as Google and Facebook basically have a duopoly on the online ad industry.

Malicious code hidden in online ad images cost publishers and ad networks $1.13 billion this year – November 16, 2018
Malvertising: Unscrupulous website ads again auto-redirecting users to App Store from Safari – March 18, 2015
Shady app install ads automatically redirecting mobile users to App Store, Google Play – January 16, 2015


  1. US iOS users? I must have missed that bit.
    From the article…
    “He said that the malicious ads were created to look like ads for official Android apps (play.google.com), but in reality, they were engineered to hijack iOS US-based users and redirect them to ScamClub’s adult and gift card scams, where crooks tried to collect users’ personal and financial data via deceitful offers.”
    Still doesn’t make sense.
    I seem to remember MDN having several bouts of scam ad redirects last year.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.