Mobile malware is becoming an even more insidious threat, security experts are observing a rapid diffusion of spyware that is able to steal sensitive data from victim’s mobile devices.
Very common are also malware that impersonates login pages of most popular applications and websites in the attempt of tricking users to provide their login credentials. Such kind of malware is able to steal private data, including banking credentials and social media account credentials.
Recently malware researchers from Kaspersky have spotted a new hacking campaign that abused Google AdSense to deliver a malware on Android devices. The malware is delivered on the victim’s mobile device when they visit certain Russian websites, even without user’s interaction.
The malicious code asks for admin rights and attempts to steal user credentials via displaying bogus login pages. The malware is able to perform other malicious operations, such as intercepting and deleting text messages.
“By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q. There you are, minding your own business, reading the news and BOOM! – no additional clicks or following links required. And be careful – it’s still out there!” reads a blog post published by Kaspersky.
The malware leverages on the Google AdSense advertising network to spread itself and many websites use this ad network.
Google has promptly fixed the problem, according to an email to a Google spokesman there is no indication that other websites are affected by the malware.
“The issue has since been resolved, a Google spokeswoman said in an email, adding that there’s no indication the attack ever affected more than one website. The company has said in the past that it works to block malware attacks from third-party ads distributed through its networks. The effort has become increasingly critical as Google and other advertising networks try to dissuade users from filtering out ads altogether with adblocking tools, which also aim to reduce ad-delivered malware and the web beacons used to track users across websites.” states the fastcompany.com.
In order to protect your mobile device keep your mobile OS up to date, install apps only from legitimate app stores and install security solutions.
(Security Affairs – Android Malware, Google AdSense)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.