Malicious redirection targeting iPhone users.


December 13, 2019

Researchers at The Media Trust have exposed a malicious redirection campaign aimed at iPhone users. More than 100 prominent publisher websites, including global news magazines and online newspapers, were caught up in it.

Inside the Devious Attack

  1. Modus Operandi: When an iPhone user visits an affected website, a chain of redirects begins and ends on a bogus grocery store reward ad. During these redirects the "Krampus-3PC" malware silently and persistently harvests session and cookie data, giving the attackers a way into the victim's online accounts.
  2. Double Trouble: Clicking the bogus grocery store ad brings no relief; it sends the user to a phishing page that asks for personal details. That information, combined with the phone numbers and cookie IDs already collected, is then used for further phishing and for unauthorised access to accounts.

The Attack’s Genesis

The culprits, whose origins are yet to be determined, used the Adtechstack ad-tech platform to launch their malvertisement. By embedding malicious code in an ad (featuring a well-known tech brand and a famous boy band) through the platform's API, they ran the Krampus-3PC malware covertly. What makes the infection alarming is that it needs no click: while the ad runs in the background, its code checks whether the visitor is using an iPhone, and only when that check passes does it begin harvesting data and redirecting to the phishing pages.
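The two mechanics described above, the device-targeting check and the forced redirect out of an ad slot, are the points where a publisher can intervene. The following is an added example, not code from The Media Trust or from the original article: it shows how trivial the iPhone gate is (a user-agent sniff), and audits an ad tag for whether the frame it runs in is allowed to navigate the publisher's top-level page, which is what a redirect chain needs. The ad tags, user-agent strings and Set-Cookie headers are constructed samples, and the helper names are ours.

```javascript
// Added example: publisher-side checks for the malvertising pattern described
// above. Not code from The Media Trust or the original article. All sample ad
// tags, user-agent strings and Set-Cookie headers below are constructed.

// 1. The targeting gate. The campaign only fires for iPhone visitors, and a
//    user-agent test is all that takes. Ad scanners that crawl with a desktop
//    UA never reach the malicious branch, which is one reason the ad passed.
const IPHONE_UA_RE = /\biPhone\b/;
function isIphoneUserAgent(ua) {
  return IPHONE_UA_RE.test(ua || '');
}

// 2. The redirect. A creative served inside <iframe sandbox="..."> can only
//    navigate the publisher's top-level page if the sandbox grants it. Parse
//    the first <iframe> in an ad tag and return its sandbox flags, or null if
//    the frame has no sandbox attribute at all.
function parseSandboxFlags(adHtml) {
  const m = /<iframe\b[^>]*?\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?[^>]*>/i.exec(adHtml);
  if (!m) return null;
  const value = m[1] ?? m[2] ?? m[3] ?? '';
  return new Set(value.trim().split(/\s+/).filter(Boolean));
}

// Classify what the tag lets the creative do to top.location:
//   'inline'        no iframe, the ad script runs in the publisher's own document
//   'unrestricted'  frame may set top.location at any time (zero-click redirect works)
//   'on-click-only' navigation needs a user gesture, so the automatic chain is
//                   blocked but the click-through to the phishing page still works
//   'blocked'       frame cannot navigate the top-level page
function classifyTopNavigation(adHtml) {
  if (!/<iframe\b/i.test(adHtml)) return 'inline';
  const flags = parseSandboxFlags(adHtml);
  if (flags === null || flags.has('allow-top-navigation')) return 'unrestricted';
  if (flags.has('allow-top-navigation-by-user-activation')) return 'on-click-only';
  return 'blocked';
}

// 3. Cookie exposure. Only script running in the publisher's own document (the
//    'inline' case) can read that document's cookies, and HttpOnly keeps a
//    session cookie out of document.cookie even then.
function cookieReadableByScript(setCookieHeader) {
  const attrs = setCookieHeader.split(';').slice(1)
    .map(a => a.trim().toLowerCase().split('=')[0]);
  return !attrs.includes('httponly');
}

// Put it together for one ad tag and one visitor.
function auditAdTag(adHtml, userAgent) {
  return {
    targeted: isIphoneUserAgent(userAgent),
    topNavigation: classifyTopNavigation(adHtml),
  };
}

// Constructed samples (hypothetical ad host, made-up UA strings).
const UNSANDBOXED_TAG = '<iframe src="https://ads.example/creative.html" width="300" height="250"></iframe>';
const SANDBOXED_TAG = '<iframe src="https://ads.example/creative.html" sandbox="allow-scripts allow-same-origin"></iframe>';
const CLICK_ONLY_TAG = '<iframe src="https://ads.example/creative.html" sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>';
const INLINE_TAG = '<script src="https://ads.example/tag.js"></script>';
const IPHONE_UA = 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1';
const DESKTOP_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36';

for (const tag of [UNSANDBOXED_TAG, SANDBOXED_TAG, CLICK_ONLY_TAG, INLINE_TAG]) {
  console.log(auditAdTag(tag, IPHONE_UA), 'desktop targeted:', isIphoneUserAgent(DESKTOP_UA));
}
console.log('session cookie readable:', cookieReadableByScript('sid=abc; Path=/; HttpOnly; Secure'));
```

Two caveats when using this as a real check. A sandbox that grants both `allow-scripts` and `allow-same-origin` to a frame served from the publisher's own origin lets the framed script reach the parent document and remove its own restrictions, so the 'blocked' verdict assumes a cross-origin creative. And the user-agent gate cuts both ways: any scanner that vets creatives must also crawl them with a mobile Safari UA, or it will only ever see the benign branch.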

The Smarts Behind the Malware

Krampus-3PC is not run-of-the-mill malware. Heavily obfuscated to slip past conventional ad blockers and scanners, it hijacks the browser, carries out the malicious redirections, and falls back to alternative methods if the primary redirection fails. Named after the folklore figure Krampus, the malware reflects considerable skill on its authors' part: Mike Bittner, Digital Security Director at The Media Trust, suggested its complexity points to an organised group rather than an individual.

While the affected publishers remain undisclosed, the adtech platform has been proactive, blacklisting the malicious advertiser and the deceitful ad.

Protection is Paramount

The code hidden in these ads is a reminder to scrutinise URLs before entering personal information. That only defends against the phishing page, though: the session and cookie harvesting happens without a click, so publishers and ad platforms must vet and isolate the ad code they serve. Today's threats are increasingly sophisticated, and vigilance on both sides is more vital than ever.

