about://(null) popup?

Solution 1:

Since I got the popup in iOS Simulator, I was able to use Safari's Develop menu to inspect the page. From there it was just an exercise in rooting around to find the obfuscated JavaScript, which, when run through jsbeautifier.org (which has the side effect of de-obfuscating it), looks like this:

var m = ['iphone', 'ipod', 'ipad', 'android'],
    u = navigator['userAgent']['toLowerCase']();
for (var d = 0; d < m['length']; d++) {
    if (u['indexOf'](m[d]) != -1) {
        if (confirm('Why you no play Candy Crush!!')) {
            window['top']['location'] = document['getElementById']('creative')['href'];
            break;
        };
    };
};

I think it's pretty safe to say that this is indeed a rogue ad, since on the page where I saw it, the ad itself was blank. It's trying to get you to click through to a link.

So, in other words, it's a real pain in the buttocks, but probably not actual malware. The ad in question is apparently delivered by AdMax by NEXAGE, so I'll see what I can do about alerting them.