The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million. An improvement of just 1% in the redirect rate can translate into “tens of thousands of impacted impressions”” during a single campaign. The vulnerability in WebKit is used in Chrome on iOS and Safari
Source: