A criminal gang took advantage of the vulnerability in the Chrome application for iOS to attack users with pop-up windows and fake ads, tricking them into accessing the website to steal accounts and money.

About 500 million fake ads were sent to the iPhone, mainly in the US, during a six-day attack earlier in April 2019.

Researchers at the company confirmed Confiant ads, who discovered the campaign, fearing they would launch another attack next weekend. Google already knows this but until they release the patch, iPhone users are advised to stick with Safari or another browser when browsing the web.

Earlier, in February 2019, the gang also spread fake advertising aimed at Mac users. Apple users are a lucrative target of malicious advertising, both on the desktop and mobile, because they often have high revenue and no traditional malicious code aimed at macOS or iOS.

Fake ads can be identified through .World domain names. Although Chrome browser features pop-up ad blocking, Confiant finds the technology to bypass this security feature. The company said after Google patched, they would reveal the method.