Hackers Want Your iPhone –
We’re Working To Squash “Malvertising” – Updated

And what you can do in the meantime

A few months ago, the actual WordPress code on GraniteGrok was compromised, and we went to great lengths to find and exorcise the demons which had crept in. Now, with the constant vigilance of Wordfence’s scanner and firewall, and regular updates to the software, the site is clean…… but…

Update – we’ve removed the ad feed from most of the locations and replaced the feed with locally paid adverts: My iPhone no longer shows the popup/redirect interloper, and before we re-enable the ads, one panel at a time, we’d like to know if any of you are still being redirected – please comment below, thanks.

We have chosen to use a limited repertoire of advertisements in keeping with our values and philosophy, and that means a third party feed, which “phones home” to grab the next ad in rotation. The provider is highly reputable, but there seems to be a strain of “malvertising” which is creeping into a number of ad networks. Precisely because the ad networks use a small widget which in itself is clean, there is nothing for scanners and firewalls to find, and because the ads are requested from the ad network’s server by an outbound call, the firewall does not see an attack.

Ad networks consist of several levels of aggregation, and the ads themselves are from many creators, some of which are less reputable, or may have been infiltrated, such that there are opportunities for malicious or corrupted ads to creep in. The aggregators have strict terms of service, and they work hard to keep bad adverts out for the sake of their own reputation, but several prominent blog sites have recently reported problems with their ad feeds.

The recent round of bad advertisements seem to be focused on hijacking iPhones, and are obviously keying off the platform information provided by the browser, because they only pop up on iPhones. Not on iPads, Not on Macs, not on Androids, not on PCs.

If you have an iPhone and you’ve seen something like the image above when browsing the Grok, you would be well advised to install an ad-blocker on the iPhone. With most ad blockers, you can choose which sites you’d like to “whitelist” for advertisements, such as GraniteGrok.com, but until we trace the source of the problem, you may wish to block ads here as well.

We’ll run an update as soon as we have more details.