As originally reported by BleepingComputer, the malvertising group ScamClub leveraged a zero-day vulnerability in the WebKit browser engine to distribute payloads that redirected users to gift card scams through malicious iframes. WebKit is used by Chrome and Safari browsers, and has received a patch to remove this vulnerability as of December 2, 2020. The vulnerability was assigned the identifier CVE-2021-1801. In a research report originally published by Confiant, researcher and security engineer Eliya Stein found that the ScamClub malvertising relied on bypassing WebKit's iframe sandboxing through a previously undiscovered vulnerability.