Mobile banking Trojan on rampage, ‘hides in Google AdSense’

Mobile banking Trojan on rampage, ‘hides in Google AdSense’

Mobile banking Trojan on rampage, ‘hides in Google AdSense’

0

Kaspersky Lab has alerted of a mobile banking Trojan, Svpeng, that hides in Google’s advertising network AdSense on Android devices to steal banking information.

The Internet security company says Svpeng has been detected on the Android devices of around 318,000 users, with the rate of infection peaking at 37,000 victims in a day.

The Svpeng mobile banking Trojan is designed to steal bank card information. It also collects call history, text and multimedia messages, browser bookmarks and contacts, and is focused on exploiting a bug in Google Chrome for Android.

Due to the specific nature of the malware distribution, millions of web pages globally are at risk, with many of them using AdSense to display adverts.

The Internet security company says Svpeng has been detected on the Android devices of around 318,000 users, with the rate of infection peaking at 37,000 victims in a day.

Mobile banking Trojan on rampage, ‘hides in Google AdSense’
Cyber crime

The first known case of a Svpeng attack using the bug in Chrome for Android occurred in mid-July on an online Russian news outlet. During the attack, the Trojan silently downloaded itself onto the Android devices of the website’s visitors, according to Kaspersky.

In unraveling the attack process, Kaspersky Lab researchers found that the campaign started with an infected advert being placed on Google AdSense. The advert displayed “normally” on uninfected web pages, with the Trojan only downloading when the user accessed the page via the Chrome browser on an Android device.

“Svpeng disguised itself as an important browser update or popular application, to convince the user to approve the installation. Once the malware was launched it disappeared from the list of installed apps and asked the user to give it device admin rights. This made the malware harder to detect.

“It appeared that the attackers had found a way to bypass some key security features of Google Chrome for Android.

Mobile banking Trojan on rampage, ‘hides in Google AdSense’
Technology Times photo file shows AG Mobile, a typical example of a Android smartphone

Normally, when an Android Application Package (APK) file is downloaded on a mobile device via an external web link, the browser displays a warning that a potentially dangerous object is being downloaded. In this case, fraudsters found a security flaw that allowed APK files to be downloaded without notifying users,” says the company.

On discovering the bug, Kaspersky Lab immediately reported the issue to Google. The company thus revealed that the patch will be issued in the nearest Google Chrome for Android update.

Commenting on the discovery, Nikita Buchka, Malware analyst at Kaspersky Lab said: “The Svpeng case confirms, yet again, the importance of cooperation between companies. We share a common goal to protect users from cyber-attack, and it is vital that we work together to achieve this. We are happy to help make the Android ecosystem safer, and would like to thank Google for its prompt response to our report. We also urge users to avoid downloading applications from untrusted sources and to be cautious when it comes to what permissions they are asked to give and why.”

Kaspersky Lab advises customers to upgrade the Chrome for Android browser to the latest version, install an effective security solution and to be aware of the tools and techniques used by malware authors to trick them into installing malicious software and agreeing to far-reaching device rights.

AdvertisingMobile banking Trojan on rampage, ‘hides in Google AdSense’
Success Kafoi Journalist at Technology Times Media. Mobile: 08077671673 email: success.kafoi@technologytimes.ng