The experts at Kaspersky Lab recently uncovered a modification of the Trojan mobile banking Svpeng, hidden in the advertising network Google AdSense.
From mid-July, Svpeng was detected in Android devices around 318 thousand users, with a rate of infection that reaches 37 thousand victims in one day.
The attackers that attempt to steal your credit card information and personal data, such as contacts and call history, they took advantage of a bug in Google Chrome for Android. Now that Google has fixed the error, Kaspersky Lab’s experts can reveal all the details of the attack.
The first known case of an attack of Svpeng, which used the error in Chrome for Android, it was mid-July in a string of Russian on-line news. During the attack, the Trojan is downloaded stealthily in the Android devices from visitors to the web site.
To unravel the process of attack, researchers at Kaspersky Lab discovered that the campaign began with an ad infected that had been placed in Google AdSense. The announcement was so "usual" in web pages are not infected and where the Trojan is downloaded only when the user accessed the page using the Chrome browser on an Android device. Svpeng is disguising itself as a significant update to the browser or a popular app, in order to convince the user to approve the installation. Once launched the malware, it disappeared from the list of installed applications, and requested the user to give administrator rights of the device. This made the malware more difficult to detect.
apparently, the attackers found a way to avoid some of the key features of security of Google Chrome for Android. Normally, when a APK file is downloaded to a mobile device via a web link external, the browser displays a warning that you are downloading an object potentially dangerous. In this case, the scammers have found a security flaw that allowed APK files to be downloaded without notifying the users. Upon discovering the error, Kaspersky Lab instantly reported the problem to Google. The patch will be published in the next update of Google Chrome for Android.
“The case Svpeng confirms, once more, the importance of the cooperation between companies. We share the common goal of protecting users against cyber-attacks, and it is vital that we work together to achieve this goal. We are happy to help make sure the Android ecosystem, and we would like to thank Google for their prompt response to our report. We also urge users to avoid downloading apps from untrusted sources and to be cautious about the permissions that are requested,” said Nikita Buchka, analyst, malware of Kaspersky Lab.
Kaspersky Lab recommends that customers update to the Chrome browser for Android to the latest version, installing a security solution is effective and that they are aware of the tools and techniques used by the authors of malware attempt to trick users to install malware and to accept the rights of device of broad scope.
The Trojan horse of mobile banking Svpeng is designed to steal information from your bank card. Also collects history of calls, text and multimedia messages, browser bookmarks, as well as contacts. Svpeng attacks mainly the Russian-speaking countries, however, has the potential to spread globally. Due to the specific nature of the distribution of malware, and millions of web pages throughout the world are at risk, since many of them use AdSense to display ads.
Kaspersky Lab detected modification of malware like Trojan-Banker.AndroidOS.Svpeng.q
No comments:
Post a Comment