Crooks abused Google AdSense network to deliver malware on Android Devices

Pierluigi Paganini August 18, 2016

Security experts from Kaspersky spotted a malware-based campaign that abused the Google Adsense Advertising network to spread a malicious code.

Mobile malware is becoming an even more insidious threat, security experts are observing a rapid diffusion of spyware that is able to steal sensitive data from victim’s mobile devices.

Very common are also malware that impersonates login pages of most popular applications and websites in the attempt of tricking users to provide their login credentials. Such kind of malware is able to steal private data, including banking credentials and social media account credentials.

Recently malware researchers from Kaspersky have spotted a new hacking campaign that abused Google AdSense to deliver a malware on Android devices. The malware is delivered on the victim’s mobile device when they visit certain Russian websites, even without user’s interaction.

The malicious code asks for admin rights and attempts to steal user credentials via displaying bogus login pages. The malware is able to perform other malicious operations, such as intercepting and deleting text messages.

“By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q. There you are, minding your own business, reading the news and BOOM! – no additional clicks or following links required. And be careful – it’s still out there!” reads a blog post published by Kaspersky.

Android malware Google adsense 3

The malware leverages on the Google AdSense advertising network to spread itself and many websites use this ad network.

Google has promptly fixed the problem, according to an email to  a Google spokesman there is no indication that other websites are affected by the malware.

“The issue has since been resolved, a Google spokeswoman said in an email, adding that there’s no indication the attack ever affected more than one website. The company has said in the past that it works to block malware attacks from third-party ads distributed through its networks. The effort has become increasingly critical as Google and other advertising networks try to dissuade users from filtering out ads altogether with adblocking tools, which also aim to reduce ad-delivered malware and the web beacons used to track users across websites.” states the fastcompany.com.

In order to protect your mobile device keep your mobile OS up to date, install apps only from legitimate app stores and install security solutions.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Android Malware, Google AdSense)



you might also like

leave a comment